docx
2024-03-25_sspeirs_ID011393 CHSA Orofresh the Key (Home Support Surge)_draft.docx
- Source
- Attachments/docs
- Modified
- 2026-04-06 14:27:19
- Size
- 157 KB
Community Health Services Agreement Service Provider: OROFRESH ENTERPRISES INC. (dba THE KEY) Contract ID #: ID011393 Program Name: Home Support Surge – Coastal, North Shore table of contents 1. THE SERVICES 3 2. PERFORMANCE BY SERVICE PROVIDER 4 3. CARE QUALITY AND PREVENTION, REPORTING AND MANAGEMENT OF INCIDENTS 4 4. GOOD GOVERNANCE 4 5. COMMUNICATION AND FEEDBACK 4 6. PAYMENT 4 7. TAXES 5 8. CAPITAL ASSETS 5 9. AUDIT 5 10. REPRESENTATIONS AND WARRANTIES 6 11. PERFORMANCE AUDIT AND QUALITY ASSURANCE 6 12. SERVICE PROVIDER’S PERSONNEL 7 13. WORKERS COMPENSATION INSURANCE 8 14. CRIMINAL RECORD CHECKS 8 15. PERSONAL INFORMATION 9 16. CONFIDENTIALITY 9 17. INTELLECTUAL PROPERTY 10 18. INDEMNITY AND INSURANCE 10 19. LIMITATION OF LIABILITY 10 20. INTERRUPTION OF SERVICES AND EMERGENCIES 10 21. DISPUTES, DEFAULT, REMEDIES AND TERMINATION 11 22. TERMINATION FOR CONVENIENCE 12 23. RECEIVER 12 24. EFFECT OF EXPIRY OR TERMINATION 12 25. ASSIGNMENT 12 26. CHANGE IN CONTROL 12 27. SUBCONTRACTING 13 28. SERVICE PROVIDER ACCOUNTABLE 13 29. CONFLICT OF INTEREST 14 30. NATURE OF RELATIONSHIP 14 31. NOTICES 14 32. GENERAL 15 Schedule A 17 Schedule B 24 Schedule C 31 Schedule D 32 Schedule E 36 Community Health Services AGREEMENT CONTRACT ID #: ID011393 PROGRAM NAME: Home Support Surge – Coastal, North Shore THIS AGREEMENT dated for reference March 24, 2024 BETWEEN: VANCOUVER COASTAL HEALTH AUTHORITY, a regional health board designated under the Health Authorities Act (British Columbia) Contract Management Office 9th Floor, 601 West Broadway Vancouver, BC V5Z 4C2 (“VCH”) AND: OROFRESH ENTERPRISES INC. (DBA THE KEY) 1861 Marine Drive West Vancouver, BC V7V 1J7 (the “Service Provider”) RECITALS: VCH is a regional health board designated under the Health Authorities Act (British Columbia) with responsibility for the development, delivery and administration of health care services and programs within the geographical boundaries set out in the Health Authorities Act (British Columbia); The Service Provider provides valuable community health services which may involve complex health care and social issues; and The parties are committed to working together and establishing a cooperative and collaborative relationship to support and improve the delivery of community health services by the Service Provider to VCH patients, residents and clients. IN CONSIDERATION of the terms and covenants hereinafter contained and other good and valuable consideration provided by each of the parties to the other, the receipt and sufficiency of which are hereby acknowledged, the parties hereto agree as follows: THE SERVICES The Service Provider will provide the services set out in Schedule A (Services and Additional Terms) (the “Services”) during the term set out in Schedule A (Services and Additional Terms) (the “Term”) in accordance with this Agreement. The parties will comply with all additional terms and conditions that may be set out in Schedule A (Services and Additional Terms). PERFORMANCE BY SERVICE PROVIDER Unless otherwise specified herein, the Service Provider will deliver the Services to a standard of care, skill and diligence maintained by reputable and competent persons providing services similar to the Services. If any key personnel are specified in Schedule A (Services and Additional Terms), the Service Provider will ensure that those key personnel deliver the Services, unless VCH otherwise approves in writing, which approval will not be unreasonably withheld. The Service Provider agrees to diligently and responsibly perform and deliver the Services in accordance with: (a) the terms and conditions set out herein; (b) all applicable laws, which may include the Society Act (British Columbia); and (c) the instructions, protocols, guidelines and policies of VCH which VCH communicates to the Service Provider. CARE QUALITY AND PREVENTION, REPORTING AND MANAGEMENT OF INCIDENTS The Service Provider must cooperate with VCH to improve the delivery of health care in accordance with the Patient Care Quality Review Board Act (British Columbia) and agrees to: inform patients, residents and clients about the VCH Patient Care Quality Office, where appropriate, as an option for resolving concerns about the quality of the Services; and provide all reasonable assistance (including by promptly providing any available information or records) requested by VCH in relation to any care quality complaint under the Patient Care Quality Review Board Act (British Columbia). In this Agreement, “Incident” means an event or circumstance which could have resulted, or did result, in unnecessary harm to a patient, client or resident. The Service Provider will comply with any additional clauses relating to Incidents which may be set out in Schedule A (Services and Additional Terms). The Service Provider will take reasonable measures to prevent Incidents, including collaborating with VCH on preventive initiatives relevant to the programs of the Service Provider, and will report and manage Incidents in accordance with any protocols issued by VCH from time to time. GOOD GOVERNANCE VCH and the Service Provider are committed to the good governance principles of accountability, leadership, integrity, stewardship and transparency. VCH expects that the Service Provider will deliver the Services and carry out its operations in accordance with such principles. COMMUNICATION AND FEEDBACK The parties recognize the importance of maintaining ongoing dialogue and communication on matters relevant to this Agreement. VCH will provide feedback to the Service Provider on the Service Provider’s delivery of the Services and its performance under this Agreement, and will provide opportunities for the Service Provider to provide feedback to VCH. PAYMENT The parties agree that payment for the Services will be handled in accordance with Schedule B (Payment and Financial Reporting). The parties will comply with the terms and conditions in Schedule B (Payment and Financial Reporting). The Service Provider will not in any manner whatsoever commit or purport to commit VCH to the payment of any money except pursuant to this Agreement. VCH may withhold or set off against any payment due to the Service Provider any charge, liability or indebtedness owed by the Service Provider to VCH or which under this Agreement is to be paid by or charged to the Service Provider. Notwithstanding any other provision of this Agreement, the payment of any monies by VCH to the Service Provider is subject to the Province of British Columbia having provided funds for such purposes for the fiscal year in which such funds are required. VCH reserves the right to amend this Agreement and, in particular, Schedule B (Payment and Financial Reporting), if subsequent to providing VCH with its funding, the Ministry of Health or other government funding bodies increases or decreases the funding allocation to VCH. TAXES It is the Service Provider’s responsibility to pay all business and revenue taxes, assessments and charges in relation to the Service Provider’s business/operations and the provision of the Services. The Service Provider will apply for and obtain, from the appropriate taxation authorities, any available refund, credit, rebate or remission of federal, provincial or other tax or duty imposed on the Service Provider as a result of this Agreement that VCH has paid or reimbursed to the Service Provider or agreed to pay or reimburse to the Service Provider under this Agreement, and immediately on receiving or being credited with any such amount, the Service Provider will remit that amount to VCH. The Service Provider will reimburse to VCH any federal, provincial or other tax or duty that is collected by the Service Provider from VCH that is not required under applicable law to be remitted to the appropriate taxation authorities, and is not in fact remitted to the appropriate taxation authorities under applicable law. If the Service Provider is not a resident in Canada, the Service Provider acknowledges that VCH may be required by law to withhold income tax from any payment of monies made by VCH under this Agreement and then to remit that tax to the Receiver General of Canada on the Service Provider’s behalf. CAPITAL ASSETS VCH may, in its discretion and subject to such terms and conditions as VCH may impose, provide capital funding to the Service Provider for the purchase of capital equipment or improvements required to provide the Services (the “Capital Assets”). The Service Provider will protect and preserve any Capital Assets purchased (whether in whole or in part) with capital funding from VCH under Section 8.1, for the purposes of the Services and will, if required by VCH, enter into a separate agreement with VCH in respect of the acquisition, ownership and use thereof. The Service Provider will, upon request by VCH, provide a list setting out any Capital Assets purchased with capital funding from VCH under Section 8.1, and any related information as may be reasonably requested by VCH. AUDIT VCH may from time to time, for the purpose of ensuring compliance with this Agreement and upon reasonable advance notice to the Service Provider, arrange for the audit, review or examination, of: the Service Provider’s books of accounts, records, invoices and receipts and any Financial Reports required to be kept or provided by the Service Provider under Schedule B (Payment and Financial Reporting); and any other documents or records (including non-financial documents and records) relating to the Services, the payment of monies made by VCH under this Agreement, this Agreement or the Service Provider’s operations to the extent that such documents or records are determined by VCH, acting reasonably, to be related or ancillary to the purpose of ensuring compliance with this Agreement. Such audit, review or examination will be carried out by a representative of VCH or a duly authorized independent Chartered Accountant or Chartered Professional Accountant. The Service Provider will fully cooperate, permit and provide reasonable assistance to facilitate any audit, review or examination under this Section 9.1. REPRESENTATIONS AND WARRANTIES As of the date of this Agreement and throughout the Term, the Service Provider represents and warrants to VCH that: the Service Provider is duly registered to carry on business in the jurisdiction where the Services will be performed; the Service Provider is fully trained and qualified to deliver the Services in accordance with the terms of this Agreement, or has all the trained and qualified personnel to deliver the Services in accordance with the terms of this Agreement. Without limiting the foregoing, the Service Provider represents and warrants that it or its personnel, as applicable, hold all the licenses, credentials and qualifications set out in Schedule A (Services and Additional Terms); the Service Provider has all the tools, facilities, materials, equipment, vehicles and contracts in place and available to enable the Service Provider to perform the Services in accordance with the terms of this Agreement; the Service Provider holds all permits, licenses, approvals and statutory authorities issued by any government or government agency that are necessary for the performance of the Services in accordance with the terms of this Agreement; the Service Provider has the power and capacity to enter into this Agreement and to observe, perform and comply with the terms of this Agreement; and this Agreement has been legally and properly executed by, or on behalf of, the Service Provider and is legally binding upon and enforceable against the Service Provider in accordance with its terms. In addition, if the Service Provider is incorporated or otherwise organized, the Service Provider represents and warrants to VCH that, as of the date of this Agreement and throughout the Term: the Service Provider is duly incorporated or otherwise organized and in good standing under the laws of Canada or a Canadian province or territory; and all necessary corporate or other proceedings have been taken and done to authorize the execution and delivery of this Agreement by, or on behalf of, the Service Provider. At VCH’s request, the Service Provider will provide proof of the foregoing representations and warranties. PERFORMANCE AUDIT AND QUALITY ASSURANCE The Service Provider will permit VCH, its representatives and/or agents to conduct audits and satisfaction surveys related to the performance and the delivery of the Services, from time to time. The Service Provider will cooperate with VCH for the purpose of Section 11.1 and provide reasonable assistance to VCH, including by allowing access by VCH staff, agents and consultants to the Service Provider’s site(s) where the Services are carried out and to any patients, residents and clients receiving Services. The Service Provider will provide accurate and correct quality assurance and/or performance measurement reports to VCH as VCH may reasonably require from time to time and in such format as may be required by VCH, including without limitation any such reports set out in Schedule A (Services and Additional Terms). The Service Provider acknowledges and agrees that VCH may use and report aggregate statistical information and other results of performance measurement, including reported output indicators, within VCH, and that VCH may from time to time share such information and results with the Ministry of Health and other governmental bodies or agencies, health authorities or organizations, and other service providers. SERVICE PROVIDER’S PERSONNEL The Service Provider will comply with all applicable municipal, provincial and federal laws relating to any persons employed or engaged by the Service Provider to provide the Services, including its employees, officers, independent contractors, subcontractors, volunteers, students, agents and representatives (collectively, the “Service Provider’s Personnel”). The Service Provider is the employer of the Service Provider's Personnel, and accordingly, all of the Service Provider’s Personnel will be under the direct management and sole supervision of the Service Provider and the Service Provider is solely responsible for all aspects of employment and labour relations in connection with the Service Provider’s Personnel, including the interviewing, hiring, training, payroll, compensation, benefits, supervision, direction, management, control, scheduling, evaluation, occupational health and safety, security, discipline and termination of the Service Provider’s Personnel. In addition, the Service Provider is responsible for maintaining a respectful workplace and ensuring that the Service Provider’s Personnel conduct themselves in a civil, respectful and cooperative manner at the workplace. The Service Provider and the Service Provider’s Personnel are independent contractors to VCH. No employment relationship is created between the Service Provider or any of the Service Provider's Personnel (on the one hand) and VCH (on the other hand), and no employee terms, conditions or benefits available to VCH's own personnel will accrue to the Service Provider or the Service Provider's Personnel. VCH will have no liability or responsibility for, and the Service Provider is solely responsible for, all payroll functions in respect of the Service Provider's Personnel, including requirements of applicable law and will pay and accept full and exclusive liability for all salaries and benefits, taxes, Employment Insurance premiums, Canada Pension Plan premiums or contributions, workers insurance assessments and other assessments and contributions of any kind and nature whatsoever or that are payable pursuant to any applicable laws. If the Service Provider or Service Provider's Personnel is also employed or engaged to perform services for VCH outside of this Agreement, the parties agree that any such person: is not an employee of or in an employment relationship with VCH, with respect to the work carried out by that person under this Agreement; will not hold him or herself out as being an employee of or in an employment relationship with VCH, with respect to the work carried out by that person under this Agreement; and will not be entitled to any terms or conditions of employment or any employment benefits from VCH, with respect to the work carried out by that person under this Agreement. VCH will have no liability or responsibility to the Service Provider or Service Provider's Personnel for any salaries and benefits, taxes, Employment Insurance premiums, Canada Pension Plan premiums or contributions, workers insurance assessments and other assessments and contributions of any kind and nature whatsoever or that are payable pursuant to any applicable laws, on behalf of, or for the benefit of, any such persons, with respect to the work carried out under this Agreement. Upon VCH’s request, the Service Provider will, and will ensure that any subcontractors will, provide to VCH or to an association of employers designated by VCH, statistical information in a form satisfactory to VCH respecting compensation paid to employee groups of the Service Provider or subcontractor, as applicable. Where acceptable to VCH, this statistical information may be provided without including identifying names. Without limiting the foregoing, and as applicable the Service Provider will comply, and will ensure compliance by any subcontractors, with all reporting requirements associated with the Health Sector Compensation Information System. WORKERS COMPENSATION INSURANCE The Service Provider will at its expense carry throughout the Term, workers compensation insurance for the Service Provider’s Personnel, as required by the Workers Compensation Act (British Columbia) or similar laws in other jurisdictions in which the Service Provider’s Personnel may be situated. If the Service Provider is an individual or a partnership of individuals and does not have the benefit of mandatory workers compensation coverage under the Workers Compensation Act (British Columbia) or similar laws in other jurisdictions, the Service Provider is exempt from the foregoing requirement, but will at its expense carry throughout the Term, personal optional protection insurance (consisting of income replacement and medical care coverage) from WorkSafeBC or other sources, if available. The Service Provider will keep its WorkSafeBC account (and equivalent accounts in other jurisdictions in which the Service Provider’s Personnel may be situated) active and in good standing at all times during the Term, and be solely responsible for all premiums, assessments and other costs associated with doing so. Upon the request of VCH, the Service Provider will provide a clearance letter from WorkSafeBC (or equivalent agency in other jurisdictions) indicating that the Service Provider is active and in good standing and has no outstanding premiums, assessments, fines, penalties or debts. If the Service Provider is advised by WorkSafeBC that the Service Provider or the Service Provider's Personnel is a “worker” of VCH, the Service Provider will advise VCH and provide VCH with any related documentation from WorkSafeBC. The parties acknowledge and agree that such determination by WorkSafeBC is not relevant to the Service Provider's status for any purpose except for the purposes of the Workers Compensation Act (British Columbia), that the Service Provider remains an independent contractor to VCH, and that neither the Service Provider nor any of the Service Provider’s Personnel is an employee of VCH. CRIMINAL RECORD CHECKS The Service Provider will comply with following, as may be applicable, in addition to any other background checks that the Service Provider considers reasonably appropriate or necessary: if the Service Provider or any of the Service Provider’s Personnel (including volunteers) will work directly with or have or potentially have unsupervised access to children or vulnerable adults, the Service Provider will at its expense (unless otherwise exempted from payment by the Ministry of Justice’s Criminal Records Review Program), register with the Ministry of Justice’s Criminal Records Review Program, carry out criminal record checks and ensure they are kept current, all in accordance with the Criminal Records Review Act (British Columbia); if the Service Provider or any of the Service Provider’s Personnel (including volunteers) will work directly with or have or potentially have unsupervised access to children or vulnerable adults, but the Criminal Records Review Act (British Columbia) does not apply, the Service Provider will carry out at its expense at least every five years, vulnerable sector checks with the RCMP or local municipal police; or if the Services are delivered at a private residence under the care or control of the Service Provider, the Service Provider will ensure that every person 18 years or older who resides or spends significant time in the home or place where the Services are provided or are to be provided, and who has or will have significant and unsupervised access to children or vulnerable adults in that home or place, undergoes a criminal record check under Section 14.1(a) or vulnerable sector check under 14.1(b), as applicable. The Service Provider will not permit anyone who has not been cleared by a criminal record check or vulnerable sector check as required by Section 14.1 or who is otherwise determined by the Service Provider to be a potential risk to children or vulnerable adults, to work directly with or to have or potentially have unsupervised access to children, vulnerable adults or their records. If the Service Provider is an individual person, the Service Provider must arrange for the results of any criminal record check or vulnerable sector check under Section 14.1 to be sent to VCH for review prior to the commencement of any Services. In such case, if the Service Provider is not cleared by the criminal record check or vulnerable record check, VCH may terminate this Agreement immediately upon written notice to the Service Provider. Upon written request, the Service Provider will provide VCH written confirmation that: (a) criminal record checks and/or vulnerable sector checks have been initiated; (b) criminal record checks and/or vulnerable sector checks were completed prior to the Services beginning or prior to unsupervised access to children, vulnerable adults or their records; (c) the Service Provider has acted on instructions from VCH and in accordance with the Criminal Records Review Act (British Columbia); and (d) all other related procedures have been followed. PERSONAL INFORMATION The Service Provider will comply with Schedule E (Privacy). Schedule E (Privacy) will govern in the event of any conflict between Schedule E (Privacy) and the balance of this Agreement, except that the following provisions will govern over any conflicting provision in Schedule E (Privacy): As contemplated in Section 11(b) of Schedule E (Privacy), if the Service Provider receives a request under FIPPA for access to or correction of Personal Information, the Service Provider will, in respect of any Records that are created, maintained, or held by the Service Provider, comply with FIPPA in responding to the request or in correcting the Records, and may consult with VCH as needed. The Service Provider will be responsible for providing notice of the corrected information to any person(s) who are entitled to receive such notice under FIPPA. In addition, if applicable, the Service Provider will comply with the Personal Information Protection Act (British Columbia). CONFIDENTIALITY “Confidential Information” means any and all information which the Service Provider receives or becomes aware of, including information relating to VCH's organization, operations, business, funding, financials, properties, facilities, assets, services, contracts, procurements, purchases, personnel, patients, residents, clients, service providers, suppliers, contractors, plans, designs, strategies and specifically includes this Agreement, any reports generated by the Service Provider under this Agreement and any other information relating to the Services or this Agreement, or that otherwise by its nature or by the circumstances in which it was disclosed, ought reasonably to be considered confidential, whether or not the information is labeled or described as "confidential". Where the Service Provider is in doubt about whether certain information is Confidential Information, the Service Provider will treat the information as Confidential Information. The Service Provider will only use the Confidential Information for the purpose of performing the Services and will not disclose the Confidential Information to any third party without the express written consent of VCH, unless in furtherance of delivering the Services and the Service Provider ensures that such third party is bound by confidentiality obligations similar to those of the Service Provider herein. INTELLECTUAL PROPERTY The parties agree that the Service Provider owns all right, title, and interest in and to the Service Provider’s manuals, guidelines, policies, documents or materials relating to the Service Provider’s services and operations (and all intellectual property rights thereto), which may be conceived, developed or made by the Service Provider in the course of delivering the Services and which may be used by the Service Provider during the delivery of the Services (the “Property”). The parties agree that, as between them, VCH owns all right, title, and interest in and to any and all existing records, software and any other materials (and all intellectual property rights thereto) that are provided by or on behalf of VCH to the Service Provider or any subcontractor under this Agreement. The Service Provider grants to VCH an irrevocable, perpetual, world-wide, royalty-free, no-charge, non-exclusive, transferable and sub-licensable license to use, reproduce, modify and distribute the Property (including any third party material that is embedded or incorporated into the Property by the Service Provider or any subcontractor under this Agreement) for any non-commercial purpose relating to the mandate of VCH, including the provision of health and community care services. VCH will consult with the Service Provider prior to any sub-licensing, modification and/or distribution of the Property in accordance with this Section 17.3. INDEMNITY AND INSURANCE The Service Provider will indemnify and save harmless VCH and its directors, officers, employees and agents (collectively, the “Indemnitees”), from any loss, claim (including any claim of infringement of third-party intellectual property rights), damage award, action, cause of action, cost or expense (including all legal fees and disbursements) that any or all of the Indemnitees may sustain, incur, suffer or be put to at any time, either before or after this Agreement ends, (each a “Loss”) to the extent that the Loss is directly or indirectly caused or contributed to by: (a) any act or omission by the Service Provider, its directors or the Service Provider’s Personnel in connection with this Agreement; or (b) any representation or warranty of the Service Provider being or becoming untrue or incorrect. The Service Provider will comply with the insurance requirements in Schedule D (Insurance). LIMITATION OF LIABILITY The agree that notwithstanding anything otherwise provided in this Agreement or any duty, principle, term or rule of law to the contrary, whether express or implied, will not be liable to the in connection with any claim for any special, incidental, indirect or consequential loss or damages, including loss of profits or loss of revenue. will not be liable in tort or any other cause of action to the in respect of any act or omission relating to or arising in connection with this Agreement, except to the extent of the negligence or willful misconduct of . INTERRUPTION OF SERVICES AND EMERGENCIES For the purposes of this Article 20, “Emergency” is defined as any sudden, urgent, or unexpected occurrence or occasion that: (a) causes a major disruption to the usual provision of the Services; and (b) endangers patient, resident or client safety or life. Without limitation, an Emergency may include an earthquake, flood or pandemic. For greater certainty, VCH will determine in its discretion whether an unforeseen interruption reportable under Section 20.3(a) is an Emergency for the purposes of this Article 20. During any Emergency, VCH may require access to the Service Provider’s site(s) where the Services are delivered and VCH may, in its discretion, elect to provide some or all of the Services or retain others to provide some or all of the Services. The Service Provider shall cooperate with VCH for the purpose of this Section 20.2 and provide reasonable assistance to VCH. If there is any interruption in the provision of the Services other than an Emergency, the Service Provider must: in the case of any unforeseen interruption, immediately notify VCH of the interruption, which notification can be made verbally, but must be followed up in writing within 5 calendar days of the verbal notification; and in the case of any planned interruption, notify VCH of the interruption in writing at least 30 calendar days (or as soon as practicable) prior to such interruption; in order to ensure a prompt, appropriate and orderly response to such interruption by all parties. VCH, in consultation with the Service Provider, will determine how the interruption in the provision of the Services will be handled. Either party may request that the parties renegotiate Schedule A (Services and Additional Terms) and Schedule B (Payment and Financial Reporting), in order to address any concerns of the requesting party arising from an Emergency or an interruption in the provision of the Services, including any health and safety concerns, taking into account the nature and length of such interruption. DISPUTES, DEFAULT, REMEDIES AND TERMINATION Subject to Sections 21.4 and 21.5, in the event of a dispute relating to this Agreement, VCH and the Service Provider will use reasonable efforts to resolve the dispute in a cooperative and timely manner while minimizing any detrimental impact of such dispute on the delivery of the Services. If the parties are unable to resolve the dispute in accordance with Section 21.1 within a reasonable amount of time, the parties may mutually agree to submit such dispute to mediation (the costs for which will be shared equally by the parties, although each party will bear its own legal costs and expenses arising from the mediation). If VCH considers that the Service Provider is or may be in non-compliance with a term or condition of this Agreement, VCH will communicate its concerns to the Service Provider and the Service Provider will work in good faith to address VCH’s concerns. If the Service Provider fails to address VCH’s concerns within a reasonable amount of time (as may be defined by VCH), and VCH considers that the Service Provider has failed to comply with a term or condition of this Agreement: VCH will provide written notice to the Service Provider of such failure to comply (the “Default Notice”); the Service Provider will remediate the non-compliance to the reasonable satisfaction of VCH within 30 calendar days (or such longer or shorter period as required by VCH in writing) after delivery of the Default Notice; and if the Service Provider does not remediate the non-compliance in accordance with Section 21.3(b), VCH may terminate this Agreement immediately upon further written notice to the Service Provider. If a risk to human life, safety or health arises in relation to the Service Provider's performance of the Services, VCH may terminate this Agreement immediately upon written notice to the Service Provider. If an order is made, a resolution is passed or a petition is filed, for the Service Provider’s liquidation or winding up; the Service Provider commits an act of bankruptcy, makes an assignment for the benefit of the Service Provider’s creditors or otherwise acknowledges the Service Provider’s insolvency; a bankruptcy petition is filed or presented against the Service Provider or a proposal under the Bankruptcy and Insolvency Act (Canada) is made by the Service Provider; a compromise or arrangement is proposed in respect of the Service Provider under the Companies’ Creditors Arrangement Act (Canada); a receiver or receiver manager is appointed for any of the Service Provider’s property; or the Service Provider ceases, in VCH’s reasonable opinion, to carry on business as a going concern (each, an “Insolvency Event”), then VCH may terminate this Agreement immediately upon written notice to the Service Provider or receiver or trustee in bankruptcy. TERMINATION FOR CONVENIENCE Either party may at any time and for any reason terminate this Agreement upon 30 calendar days’ written notice to the other party or such other time frame as the parties may agree to, acting reasonably. RECEIVER Upon the occurrence of an Insolvency Event or a failure to comply with any term or condition of this Agreement where VCH wishes to terminate this Agreement but determines, in its discretion, that such termination would result in an unacceptable interruption of the Services and/or risk to the health or safety of patients, residents or clients, VCH may take proceedings in any court of competent jurisdiction for the appointment of a receiver or receiver manager, of the Service Provider, all or any part of the Service Provider’s property, and/or all or any part of the operations of the Service Provider, and from time to time, may request that the court remove any such appointed receiver or receiver manager and appoint another in his/her/its stead. EFFECT OF EXPIRY OR TERMINATION Expiry or termination of this Agreement will not prejudice, limit or affect any unpaid payment obligation, claim or matter outstanding prior to termination or obligations consequent upon termination as provided for herein. Without limiting the foregoing, for clarity, this provision will record that it is understood that Article 6 (Payment), Article 7 (Taxes), Article 9 (Audit), Article 12 (Service Provider’s Personnel), Article 15 (Personal Information), Article 16 (Confidentiality), Article 17 (Intellectual Property), Article 18 (Indemnity and Insurance), Article 19 (Limitation of Liability), Article 24 (Effect of Expiry or Termination), Article 28 (Service Provider Accountable), Article 30 (Nature of Relationship), and Article 31 (Notices), and any other terms and conditions of this Agreement which, by their terms or nature, are intended to survive any expiry or termination of this Agreement, will survive any expiry or termination of this Agreement. ASSIGNMENT The Service Provider will not assign, either directly or indirectly, this Agreement or any of its rights hereunder, without the prior written consent of VCH. VCH may assign this Agreement (or any part hereof) to any successor of VCH as part of a regional or provincial reorganization or consolidation of health services. CHANGE IN CONTROL In this Article 26, a “change in control” means the following, according to the corporate structure of the Service Provider: If the Service Provider is a society, a “change in control” means: (i) a change in the purposes, activities or powers of the Service Provider; (ii) a transfer, sale, lease, sublease or other disposal of all or a material part of its assets used for or in connection with the provision of the Services to another person; or (iii) an amalgamation, merger, consolidation or other arrangement entered into between the Service Provider and another person. If the Service Provider is a company, a “change in control” means: (i) a transfer, sale or other disposal of voting, effective or de facto control of the Service Provider to another person such that there is a change in the power to direct the management and policies of the Service Provider; (ii) a transfer, sale, lease, sublease or other disposal of all or a material part of its assets used for or in connection with the provision of the Services to another person; or (iii) an amalgamation, merger, consolidation or other arrangement entered into between the Service Provider and another person. The Service Provider will not undertake or permit a change in control of the Service Provider without the prior written consent of VCH, which approval will not be unreasonably withheld. The Service Provider will provide written notice to VCH at least 90 days prior to any anticipated change in control of the Service Provider, and will provide any additional information and documents relating to the change in control that may be reasonably requested by VCH. VCH may object to a change in control and provide reasons for its objection within the 90 day period referred to in Section 26.2. If VCH so objects, but the Service Provider continues with the change in control, or the change in control occurs in any event, VCH may terminate this Agreement immediately upon written notice to the Service Provider. SUBCONTRACTING The Service Provider will not subcontract this Agreement or any of its obligations hereunder to any person without VCH’s prior written consent, except those subcontracted services and to the subcontractors set out in Schedule C (Subcontractors) as of the date that this Agreement is signed by the parties. The Service Provider will provide VCH with all information requested regarding a proposed subcontractor. Prior to any subcontracting of the Services, the Service Provider will review the capabilities, knowledge, experience, competence of, and the standards employed by, the potential subcontractor in a manner sufficient to establish that the potential subcontractor is able to supply qualified and trained personnel and meet the requirements of this Agreement. The Service Provider represents and warrants that it has carried out the foregoing due diligence on the subcontractors set out in Schedule C (Subcontractors), if any. The Service Provider will bind every subcontractor to the terms and conditions of this Agreement which are appropriate and applicable to the work to be performed by the subcontractor, and will ensure that the terms of any subcontracting arrangement are recorded in a written agreement. Without limitation, the Service Provider will ensure that all subcontracting agreements incorporate the terms set out in Schedule E (Privacy) and the Service Provider will provide a copy of Schedule E (Privacy) to all subcontractors. The Service Provider will secure compliance with and enforce each of its contracts with any subcontractor. The Service Provider will advise VCH of any non-compliance with this Agreement by any subcontractor and the termination of any subcontractor, and will take prompt steps to cure any non-compliance by a subcontractor. No subcontract entered into by the Service Provider, whether consented to or not, will relieve the Service Provider from any of its obligations under this Agreement, impose any obligation or liability upon VCH to any subcontractor, nor create any contractual relationship between any subcontractor and VCH. SERVICE PROVIDER ACCOUNTABLE The Service Provider will be responsible and accountable for the acts and omissions of the Service Provider’s Personnel, directors, assignees and invitees, and will ensure and enforce at its expense for the benefit of VCH, compliance and performance by all of such persons with all of the relevant terms and conditions of this Agreement. Any failure on the part of any such persons described in Section 28.1 to comply with the terms and conditions of this Agreement will be treated as and will constitute failure by the Service Provider under this Agreement. CONFLICT OF INTEREST The Service Provider hereby declares that no potential, actual or perceived conflict of interest exists with respect to the subject of this Agreement. If the Service Provider becomes aware of any potential, actual or perceived conflict of interest, the Service Provider will notify VCH immediately. The Service Provider will not, during the Term, engage in any business or activity, perform a service for or provide advice to any person, firm, corporation or other entity if the business or activity, performance of the service or the provision of the advice may, in the reasonable opinion of VCH, give rise to a conflict of interest. NATURE OF RELATIONSHIP The Service Provider is an independent contractor and not the servant, employee or agent of VCH. The parties agree that there is no employment relationship between VCH and the Service Provider or between VCH and any Service Provider’s Personnel, and no such employment relationship is created by this Agreement or by the provision of the Services hereunder. The Service Provider agrees that it has no right to enter into contracts or other legal commitments or obligations on behalf of VCH. NOTICES Any notice required or permitted to be given under this Agreement will be in writing and may be given by delivering, sending by email or other means of electronic communication capable of producing a printed copy, or sending by prepaid registered mail posted in Canada, the notice to the following addresses: If to VCH: Vancouver Coastal Health Authority Contract Management Office 9th Floor, 601 West Broadway Vancouver, BC V5Z 4C2 Email: VCHContracts@vch.ca If to the Service Provider: Carolina Orosa, President Orofresh Enterprises Inc. (dba The Key) 1861 Marine Drive West Vancouver, BC V7V 1J7 Email: corosa@thekey.com (or to such other address as any party may specify by notice in writing to another party). Any notice delivered or sent by email or other means of electronic communication capable of producing a printed copy on a business day will be deemed conclusively to have been effectively given on the day the notice was delivered, or the transmission was sent successfully, as the case may be. Any notice sent by prepaid registered mail will be deemed conclusively to have been effectively given on the third business day after posting; but if at the time of posting or between the time of posting and the third business day thereafter there is a strike, lockout, or other labour disturbance affecting postal service, then the notice will not be effectively given until actually delivered. GENERAL Each reference to a statute is deemed to be a reference to that statute and to the regulations made under that statute as amended or re-enacted from time to time, unless the context otherwise requires. The term “business day” will mean any day except Saturday, Sunday or a statutory holiday in British Columbia. The headings appearing in this Agreement have been inserted for reference and as a matter of convenience and in no way define, limit or enlarge the scope of any provision of this Agreement. This Agreement includes the following Schedules: Schedule A – Services and Additional Terms Schedule B – Payment and Financial Reporting Schedule C – Subcontractors Schedule D – Insurance Schedule E – Privacy Schedule If there is a conflict between a provision in the main body of this Agreement and a provision in a Schedule, the provision in the Schedule is inoperative to the extent of the conflict, unless the main body of this Agreement or the Schedule states that the Schedule operates despite or to override a conflicting provision in the main body of this Agreement. This Agreement will be binding upon and enure to the benefit of VCH, its successors and assigns and the Service Provider, its successors and permitted assigns. This Agreement will be governed by, and construed in accordance with, the laws of the Province of British Columbia. The Service Provider hereby attorns to the jurisdiction of the courts of the Province of British Columbia in the event of any dispute or proceeding hereunder. If any provision of this Agreement is invalid or unenforceable to any extent, the remainder of this Agreement will not be affected or impaired and will be valid and enforceable to the extent permitted by law. The rights and remedies of VCH in this Agreement are cumulative and are in addition to any rights and remedies available to VCH at law or in equity or by statute. No right or remedy will be deemed to exclude or to restrict the right of VCH to exercise any other rights or remedies against the Service Provider. Each party will perform the acts, execute and deliver the writings, and give the assurances as may be reasonably necessary to give full effect to this Agreement. If the Service Provider is comprised of more than one person, then each of the persons comprising the Service Provider will be bound jointly and severally by the terms, covenants and agreements herein on the part of the Service Provider. No amendment or modification to this Agreement will be effective unless the same has been reduced to writing and duly executed by the parties. Notwithstanding the foregoing, VCH reserves the right to modify this Agreement from time to time to conform to the standard form of services agreement generally used within VCH operations, to reflect changes to VCH operations or to make amendments or modifications pursuant to Section 6.4. In addition, the parties may, from time to time, agree in writing (without execution of an amending agreement) to make amendments and modifications to Schedule A (Services and Additional Terms). This Agreement (including any amendments or modifications of it) constitutes the entire agreement between the parties as to the performance of the Services. A waiver of a failure to comply with any provision of this Agreement by the Service Provider will be effective only if it is in writing and signed by VCH and will not be deemed to be a waiver of any subsequent failure to comply with the same or any other provision of this Agreement. This Agreement may be executed and delivered by electronic transmission capable of producing a printed copy, and in any number of counterparts, all of which together will constitute one and the same instrument. IN WITNESS WHEREOF the parties have executed this Agreement. SCHEDULE A SERVICES AND ADDITIONAL TERMS service provider: Orofresh Enterprises Inc. (dba The Key) CONTRACT ID #: ID011393 PROGRAM: Home Support Surge – Coastal, North Shore TERM: April 1 2024 – March 31, 2027 THE SERVICES Specific Description of Services. The Service Provider will deliver home support services to eligible persons who are living with acute or chronic health issues who are referred to the Service Provider by VCH (the “Clients”). More specifically, the Service Provider will provide the following services (collectively, the “Services”) to Clients in their homes: implementation of and provision of services described in the set Home Support Order (“HSO”) provided by VCH for each individual Client. The HSO is a plan of care for the Clients generated from VCH’s Primary Access Regional Information System (an electronic chart); skilled personal care for Clients, which will be delivered under appropriate professional supervision provided by the Service Provider, which personal care includes: assisting Clients with activities of daily living including assistance with bathing, personal hygiene, oral hygiene, hand and skin care, continence management, mobility, transfers, prosthetics and orthotics, eating, and dressing, other duties as assigned; assisting Clients with instrumental activities of daily living, including assistance with nutrition and hydration, simple meal preparation, cleaning as a risk reduction strategy and as authorized by VCH; and medication assistance as per the Personal Assistance Guidelines (PAG) issued by the Ministry of Health, as may be amended or replaced from time to time; health promotion and supporting Clients with self-management in other activities, as authorized by VCH; in-home respite care, including planned breaks that incorporate activities which must be related to the Services provided to the Client, to relieve family/support system from the ongoing responsibility of care giving; and assistance with all delegated tasks as per a Client’s individual HSO and goals, as authorized by VCH; and such other ancillary services as VCH may require from time to time. In the event that the parties agree to the provision of services by the Service Provider which go beyond the scope of this Agreement, the parties will amend this Agreement to include such new/additional/modified services. Types of Services. VCH will determine and specify which of the following types of home support service the Service Provider will provide for each Client, and the Service Provider will deliver such service type for the relevant Client: Long Term Home Support Hours – This service may be assigned to eligible individuals (see eligibility criteria for Home and Community Care in The Home and Community Care Policy Manual issued by the Ministry of Health, as may be amended or replaced from time to time) with chronic illnesses or disabilities that require ongoing support to live independently and safely in the community. Long Term Home Support service will be determined in accordance with interRAI (inter Resident Assessment Instrument) assessment and based on assessed need for home support service hours in accordance with MOH and VCH policies. The focus of Long Term Home Support Services may be restorative, maintenance, preventive or a combination thereof. VCH health care professional staff for VCH Home & Community Care, which includes LPNs, RNs, OTs and case managers that work in the community and are part of VCH’s Home Support Services Program (the “VCH Clinicians”), are responsible for working with the Clients to regularly monitor the Services and to adjust the individual HSO based on ongoing assessment of Client needs and risks and the overall care plan. Short Term Home Support Hours – This service will be authorized by VCH Clinicians, to support the safe transition of Clients from emergency or acute care to independence at home or to support short term recovery from acute illness at home. This support facilitates a “quick response” service for appropriate Clients. Convalescent Care Hours – This service may be assigned to a Client who is experiencing a temporary reduction in physical function and tolerance. The goal of convalescent care is restorative e.g. post-acute recovery. Convalescent Care service will be determined based on assessed needs, goals of care and the service allocation guidelines. The Client is generally expected to return to independent function. Service is anticipated to be up to a maximum of four months’ duration. Palliative Home Support Hours – This service may be assigned to any Client who has been diagnosed with a terminal illness. Payment for Services. The HSO will set out the specific Services and hours authorized by VCH to be provided by the Service Provider for a specific Client. Provided always that the Client consents, the Service Provider must provide the Services stated in the HSO regardless of whether it takes less time or more time than the authorized hours specified in the HSO. The Service Provider will submit an invoice to VCH in accordance with Schedule B, which states the actual time that the Caregiver spent providing the Services, for VCH’s review and reconciliation with the number of hours authorized in the HSO. VCH will pay the Service Provider for the authorized hours of Service stated in the HSO (subject to a 1-hour minimum charge per household) in accordance with Schedule B. Notwithstanding the preceding sentence, if the actual time spent delivering the Services during a particular Client visit exceeds the authorized hours stated in the HSO for that visit, and VCH determines (in its sole discretion, to be exercised reasonably and in good faith) that the actual time spent was appropriate, then VCH may pay the Service Provider according to the actual time. Home Support Services Delivery Area (HSSDA). The Service Provider will provide the Services in the following Home Support Services Delivery Areas (each an “HSSDA”) located within VCH: North Shore (comprising the City of North Vancouver, District of North Vancouver, District of West Vancouver, Bowel Island and Lion’s Bay); Notwithstanding the foregoing, VCH may request, from time to time, that the Service Provider provide Services to Clients residing outside of the HSSDA to meet Client needs or to address the temporary unavailability of other service providers, and the Service Provider will use commercially reasonable efforts to accommodate such requests. NATURE OF SURGE SERVICES No Volume Guarantee. The Services will be provided on a “surge” basis, meaning that the Service Provider will only provide the Services at VCH’s request, which may be made at VCH’s discretion. The Service Provider acknowledges that the hours may fluctuate with Client needs, and that VCH makes no representation or guarantee with respect to the volume of Client referrals or Services hours that VCH may request from the Service Provider under this Agreement, which may be “NIL”. Non-Exclusivity. The Service Provider may be one of potentially multiple contracted providers of the Services in the HSSDA. The Service Provider acknowledges that it does not have an exclusive right to provide the Services within the HSSDA or anywhere within VCH’s geographic boundaries. Without limiting the foregoing, the Service Provider acknowledges and agrees that VCH may provide home support services which are the same, similar or related to the Services through VCH staff and/or other contracted service providers if VCH determines that it is desirable or necessary to do so in order to meet the needs of Clients. No Negative Impact on the Services. Notwithstanding that the Services will be provided on a “surge” basis, the Service Provider agrees that the service quality and standards must not be compromised and to that extent, the Service Provider will ensure that any other services and programs that it delivers to third parties outside of this Agreement will not detract from or otherwise negatively affect the delivery of the Services under this Agreement. The Service Provider will advise VCH in advance of any such potential detraction or negative impact. CLIENT REFERRAL PROCESS Requests for Services by VCH. To confirm, VCH is under no obligation to request any Services from the Service Provider. If VCH elects to request Services from the Service Provider, VCH will contact the Service Provider via email to request the Services and provide the relevant information about the Client and the specific Services required per the HSO. VCH will send the referrals to the following email addresses: sspeirs@thekey.com Response by Service Provider. The Service Provider will ensure that its scheduling staff are available from 07:00 to 18:00 hours, Monday to Sunday (or as otherwise specified by VCH) to respond to VCH’s requests for Services and handle scheduling matters. The Service Provider will respond to VCH’s requests in accordance with the following timeframes, to confirm whether the Service Provider will or will not fulfill the request: the Service Provider will respond to VCH within 30 minutes of receiving VCH’s request for Services that must be delivered within 24 hours of the request, and also include confirmation that the Service Provider’s staff are able to travel to the Client’s home (see below) and the Service Provider will respond to VCH within 60 minutes of receiving VCH’s request for Services that can be delivered any time after 24 hours of the request, and also include confirmation that the Service Provider’s staff are able to travel to the Client’s home (see below). Remote Locations and Modes of Transport. The Service Provider acknowledges that Client homes may be located in remote areas which are not readily accessible by public transit and/or may require the Service Provider’s staff to use a vehicle. To address VCH’s concern that the Service Provider may cancel the scheduled Client visit due to the Service Provider’s staff not having access to a suitable mode of transportation, the Service Provider will include such confirmation that the Service Provider’s staff are able to travel to the Client’s home, in its response to VCH under (a) or (b) above. Failure to Provide Clear Response. The Service Provider acknowledges that failure to respond to VCH’s request with a clear response as to whether it will or will not fulfill the request may lead to VCH fulfilling the need for the Services in some other manner. DELIVERY OF THE SERVICES Requests Governed by this Agreement. Each request which is issued by VCH to the Service Provider and accepted by the Service Provider, is made pursuant to the terms and conditions of this Agreement, which govern such request. The terms and conditions of this Agreement will be deemed to be incorporated into each request that is accepted by the Service Provider, regardless of whether or not the request references this Agreement. Delivery of the Services. Upon the Service Provider’s confirmation that it will fulfill VCH’s request for the Services, the Service Provider will diligently provide the Services in accordance with the HSO, the terms and conditions of this Agreement and any other instructions that may be provided by VCH. Staffing Responsibilities. The Service Provider will ensure that it has a full complement of trained, certified and competent staff to deliver the Services, including the following staff roles (as well as any other roles that the Service Provider determines are necessary to meet the requirements of this Agreement and provide the Services): Scheduling Staff: The Service Provider will have scheduling staff to receive and respond to VCH’s requests for Services and to manage the scheduling of the delivery of Services at Clients’ homes. Caregiver Staff: The Service Provider will have caregiver staff to deliver the Services in the Clients’ homes (the “Caregiver”). For each Client visit, the Caregiver will be a Community Health Worker (“CHW”) unless VCH specifically requests that the Caregiver be a Licensed Practical Nurse (“LPN”) or Registered Nurse (“RN”). The Service Provider must ensure that all of its CHWs, LPNs and RNs satisfy the following requirements: CHWs: CHWs must be residential care aides or home care attendants registered with the BC Care Aide & Community Health Worker Registry. The Service Provider must ensure that all CHWs are appropriately educated, trained and have relevant and recent work experience. LPNs and RNs: RNs and LPNs must be registered members of the BC College of Nurses and Midwives and their membership must be in good standing. The Service Provider must ensure that all RNs and LPNs are appropriately educated, trained and qualified. Supervisory Staff: The Service Provider will have supervisory staff, comprising of RNs and/or LPNs as determined appropriate by the Service Provider. Such supervisory staff will be responsible for the following, in accordance with their scope of practice: providing nursing supervision and support to CHWs (or LPNs as may be the case) during the provision of the Services in Clients’ homes (see also Section 5.3 below); appropriately delegating and assigning tasks to CHWs (or LPNs as may be the case), including training as required; identifying unstable Clients or significant changes in Clients’ status and referring to VCH or taking other appropriate action as deemed necessary and notifying VCH of these actions; training and providing orientation and competency assessments of CHWs; providing ongoing evaluation and supervision of CHWs; responding to Client complaints and concerns, reporting to managers within the Service Provider’s organization and ensuring that the issues are appropriately dealt with and resolved; attending Client case conferences and other meetings as required; and effectively liaising with VCH staff to resolve care issues and to ensure the needs of Clients are met. Personal Protection Equipment. The Service Provider must provide all necessary staff supplies for its staff to deliver the Services, including personal protection equipment which include masks, gloves, hand hygiene supplies, gowns and other staff supplies as may be required by VCH. Photo Identification. The Service Provider must ensure that all staff display photographic identification during provision of Services. SERVICE DELIVERY SHIFTS 24/7 Service Delivery. The Service Provider acknowledges that the nature of home support services requires that it be prepared to provide the Services on a 24 hour per day and 7 days per week basis including statutory holidays. Service Shifts. In each request for Services, VCH will specify the hours of Services required to be provided by the Service Provider for a Client, by reference to the following types of shifts, and the Service Provider will provide the Services within the shift(s) and hours specified by VCH: Hourly Shift: Services will be provided in 15 minute increments and will be rounded up to the nearest 15 minutes. The Service Provider agrees to provide a minimum hourly shift of 1 hour minimum per visit unless otherwise agreed by VCH Manager. Live-in Shift (24 hours): Services will be provided within a 24 hour period; comprising two 12 hour shifts, during which the Caregiver will be awake and providing Services to the Client. Overnight Shift: Services will be provided within an overnight period of 8 hours (which may be extended to 10 or 12 hours at VCH’s request), , during which the Caregiver will be awake and providing Services as needed to the Client. Breaks: It is the Service Provider’s responsibility to provide adequate break times for their Caregiver staff during the provision of Services. As the Client will be unsupported/unsupervised by the Caregiver during break times, the Service Provider will ensure that the Caregiver will leave the Client in a safe and comfortable position prior to starting their break. Professional Supervision during Shifts. During the provision of Services at a Client’s home, the Service Provider must ensure that an RN or LPN (as appropriate, based on their scope of practice and the specific Services being delivered) is available and accessible by the CHW (or LPN as may be the case) at all times during the shift, in order to: (a) support the CHW (or LPN as may be the case) in carrying out tasks safely; and (b) communicate with VCH staff regarding Client’s needs and/or the delivery of the Services. In the case of tasks delegated to a CHW by a RN, the Service Provider must ensure appropriate RN oversight and support is available to the CHW in accordance with the standards set out by the BC College of Nurses and Midwives. Adjustment of Hours prior to service delivery requires VCH Approval. VCH will specify the number of hours of Services that the Service Provider will deliver for each Client, and the Service Provider will provide the requested number of hours of Services. If the Service Provider determines, prior to the delivery of Services, that the number of hours should be adjusted upwards or downwards, it will discuss the adjustment with VCH and will only increase or decrease the number of hours with the prior written approval of VCH. Cancellations by Clients. The Service Provider will inform VCH immediately if a Client elects to refuse Services or permanently or repeatedly cancels delivery of the Services. POLICIES, STANDARDS AND SYSTEMS VCH Policies. The Service Provider will comply with VCH instructions, protocols, guidelines and policies pursuant to Section 2.3 of the main body of this Agreement, including without limitation: the VCH Regional Home Support Client Service Guidelines, as may be amended or replaced from time to time; and other VCH policies as required by VCH, which such policies are accessible online at: http://shop.healthcarebc.ca/vch and which include, but are not limited to: Occupational Health & Safety; Respectful Workplace and Human Rights; Cultural Competency and Responsiveness; Community Risk Screening; Abuse, Neglect or Self-Neglect of Vulnerable Adults; Heat Stress: Planning for and Preventing in Residential Care; Information Security; Information Privacy and Confidentiality; Record Retention; Falls & Injury Prevention Guideline in the Community; Footwear; Hand Hygiene; Employee Influenza Prevention Program and Exposure Management; Home Support Client Cancellation; Safe Patient Handling; Complaint Management; incident Management; Musculoskeletal Injury Prevention; Working Alone or in Isolation; and Infection Prevention & Control. Provincial Policies. The Service Provider will provide the Services in accordance with applicable Ministry of Health policies and guidelines, including without limitation: the Ministry of Health’s Personal Assistance Guidelines (PAG), as may be amended or replaced from time to time; and to the extent applicable to the Service Provider, the Ministry of Health’s Home and Community Care Policy Manual, as may be amended or replaced from time to time, and which is available online: https://www2.gov.bc.ca/gov/content/health/accessing-health-care/home-community-care/accountability/policy-and-standards/home-and-community-care-policy-manual. Service Standards. The Service Provider will also: collaborate with VCH in identifying and developing service innovations to improve access, responsiveness, effectiveness and efficiency of Client care including strategies that support Client independence and self-management; develop and maintain strategies and tools that address risk issues and provide mitigation including but not limited to a safe work environment for the Service Provider’s Personnel; maintain proper and detailed clinical records for each Client that is referred to the Service Provider by VCH under this Agreement, which records must include details regarding the specific Services provided, visits by the Service Provider, issues arising during provision of the Services, changes in the Client’s condition and profile, and other information as necessary to meet industry best practices; maintain infection control policies and procedures that meet VCH’s standards and policies; and provide the Home Support Services in safe, respectful, culturally sensitive and supportive manner which recognizes the dignity and worth of each Client and provides the best possible quality of Services. Staffing Standards. In order to maintain a high quality of Services, the Service Provider will: maintain documentation of current professional registration and staff competencies, including all training and professional development records and any other relevant documentation; upon request, the Service Provider will provide VCH written confirmation of the registration of each caregiver. ensure it has a documented system in place to ensure that staff are assigned only tasks that they have the training, experience and ability to perform competently; during the course of employment and prior to employing or engaging any individual to provide any part of the Services, implement all appropriate and/or required pre-employment and employment screening mechanisms (including without limitation, criminal record checks in accordance with Section 14 of the main body of this Agreement); support, maintain and assess the competencies of its staff through in-service training and on-site supervision; conduct on-site visits as required to support the individual skills of the CHW or other staff and needs of Clients; carry out performance appraisals, based on employee job descriptions and assigned tasks, which will be conducted prior to the end of the probationary period and regular intervals thereafter; ensure that all Service Provider’s Personnel are educated in and aware of falls prevention strategies and have the necessary competencies in dementia care, palliative care, medication administration and other special care areas identified by VCH; and otherwise diligently fulfill its responsibilities as an employer of the Service Provider’s Personnel, including compliance with applicable collective agreements (if relevant) and proper maintenance of employment records. Emergency Response Plan. The Service Provider will maintain an Emergency Response Plan (ERP) that will ensure an appropriate level of service for Clients during emergency situations and disasters based on their individual care needs and risk levels. The Service Provider will regularly review and update the ERP, and be prepared to implement it on short or urgent notice if necessary. The Service Provider will be responsible for implementing the ERP during emergency situations and disasters. Cancellation Monitoring: The Service Provider must have a system in place that monitors repeat cancellation by a Client for the same staff members of the Service Provider, and take appropriate investigative actions immediately. The Service Provider must inform and provide a detailed report to VCH when a Service Provider staff have 2 (two) or more repeated cancellations by a Client within the same month. COMPLAINTS AND INCIDENTS Internal Complaints Process for Clients. The Service Provider will maintain a system for addressing Client concerns and complaints which includes: providing Clients with information about the complaints process (including information about who to contact and a description of the complaint process) and the opportunity to express concerns and complaints, responding to concerns or complaints in a timely manner and ensuring corrective action and reporting back to Clients. The Service Provider must, subject to any protocol issued by VCH relating to the reporting and management of Incidents (pursuant to Section 3 of the main body of this Agreement): acknowledge receipt of concerns and / or complaints within 24 hours of notification; review, resolve and respond to all Client/Client's family / Client's substitute decision maker / authorized legal representative concerns / complaints within 7 days. inform VCH of its response to the Client / Client's families' / Client's substitute decision maker / authorized legal representative concerns / complaints, including any corrective actions, to be mutually agreed to between the parties, anticipated to be taken or taken and Client response, via the incident reporting and follow up process. Incident Reporting Process for Reporting to VCH. The Service Provider will have an approved incident reporting process in place which records: (a) Safety Events (as defined in Section 3.2 of the main body of this Agreement), incidents, near misses and hazards affecting both Clients and staff; (b) steps taken by the Service Provider in response to the Safety Event, incident, near miss or hazard; and (c) steps taken / to be taken by the Service Provider to improve processes to prevent a further occurrence of the Safety Event, incident, near miss or hazard. Reporting of Specific Events to VCH. Emergencies. The Service Provider is expected to take all immediate and appropriate action in response to an emergency with the Client. An emergency would include, but is not limited to, unexpected death, unexpected absence, ill-health requiring transfer to the emergency department. The Service Provider must advise VCH immediately, or as soon as is practical within 24 hours, of such emergencies, by contacting the following VCH contact person below: The Service Provider must use the after-hours telephone number below if contact is not successfully made using the above information, and also during evenings, weekends and statutory holidays: Unsafe Work Environment. The Service Provider must promptly report to the VCH Case Manager of any incidents of disrespectful treatment such as violence, aggression, threats, swearing, yelling, or sexual harassment whether verbal or physical. Where necessary, the Service Provider must collaborate with VCH to establish agreements between the Service Provider and the Client / family / Clients’ authorized legal representative acknowledging the role of each in the delivery of Services. Change in Client Status. The Service Provider must notify the VCH Case Manager within 24 hours of noticing a change in the Client's social, functional or clinical health status. Other Changes Potentially Impacting Client. The Service Provider will notify the VCH Case Manager within 72 hours of any circumstances which may affect the health, safety, or well-being of the Client. COMMUNICATION AND FEEDBACK The Service Provider is expected to communicate with the VCH Clinicians on a regular basis as required. VCH and Service Provider management should meet monthly, or as otherwise required by VCH, to review progress, operations, working relationship, and improvements required if any. The Service Provider will attend VCH clinical team meetings, upon request. DISPUTE RESOLUTION A collaborative approach is encouraged where Service Provider and VCH designates are unable to resolve the issues on site. Decision-making will be as close to the point of service delivery as reasonably possible. VCH’s decision-making authority will be based on the type of decision required, taking into account the level of risk assessed by VCH Clinicians, and the financial impact. The goal is to achieve efficient and effective decision-making, improve peer-to-peer communications and problem solving capabilities at the site level. QUALITY ASSURANCE, EVALUTION AND MONITORING 10.1 The goals of home support quality performance expectations and Indicators are: delivery of care to increase overall efficiency, flexibility, accountability, quality and responsiveness; promoting delivery of services through a team-based approach where applicable; improving continuity of care to Clients; improving the skills and competencies of Service Provider’s Personnel; supporting more Clients with higher levels of care complexity to remain at home; preventing or delaying deterioration in health; prevention of unnecessary acute care or emergency hospital visits; preventing or delaying admission to assisted living or residential care; and promoting early discharge from acute care delivery of the Services. 10.2 The Service Provider will provide services which meet the quality and service delivery requirements as set out by VCH. Quality performance expectations and Indicators may change from time to time at the discretion of VCH in accordance with industry best practices and to ensure that the Services are continuously improved over the term of the agreement. The Service Provider will advise VCH of any rating received by an accrediting body and will provide VCH with a copy of any survey report. 10.3 The Service Provider will allow for evaluation and assessment of the care being provided to the Client and the progress of the Client's well-being; and allow the VCH Home Health Case Manager to complete assessments, review reports, make inquiries with other professionals that have been involved with the Client's care to see how the Client is progressing as needed. 10.4 The Service Provider will develop, maintain and implement its own quality improvement process, and will provide information regarding such process to VCH upon request. The Service Provider will share results from its quality improvement process as a part of the regular review process with VCH. Some reports may be required monthly or quarterly, or on some other basis, at VCH's discretion. If requested by VCH, the Service Provider will take steps to improve the quality improvement process. REPORTING The Service Provider will submit to VCH on a monthly basis (15 days after the month ends) or such other basis as may be requested by VCH, a statistical and written report, in the format prescribed by VCH, which will include the following: Total number of Clients Actual Service hours/minutes by Client Number of shifts accepted/denied Total number of clients on hold (including reason) Total number of Not completed but billable visits client no-show for a scheduled visit service refused for scheduled visit client cancellation with less than 24 hours notice (provide date/time cancellation received) client hospitalized (less than 24 hours notice provided) unable to provide service due to health and/or safety concerns Cancellation Monitoring (Schedule A 6.6) – repeat cancellation by a client for the same SP staff member where 2 or more repeated cancellations within the same month. All critical incidents (per Schedule A 7.2), specific events (per Schedule A 7.3) and client complaints (per Schedule A 7.1), including response and follow up from the Service Provider; Turnover of key management personnel of the Service Provider Reports must be delivered to the VCH contact in Section 12. POINTS OF CONTACT TRANSITION The Service Provider understands and agrees to work cooperatively with VCH to ensure an orderly and time-efficient transition of Clients at or near the end of the Term, either to VCH or a VCH contracted home support service provider, as may be directed by VCH. Such transition will include, without limitation, the transfer of clinical records (in paper and electronic form). TERM The term of the Agreement is April 1 2024 to March 31, 2027 (the “Term”). Subject to the written consent of VCH, if the Service Provider continues to perform Services following the end of the Term, then prior to entering into a new agreement for the succeeding period, the terms and conditions of this Agreement will continue to apply, including, without limitation, the payment terms set out in Schedule B (Payment and Financial Reporting), until the new agreement is fully executed. SCHEDULE B PAYMENT AND FINANCIAL REPORTING service provider: Orofresh Enterprises Inc. (dba The Key) CONTRACT ID #: ID011393 PROGRAM: Home Support Surge – Coastal, North Shore TERM: April 1 2024 – March 31, 2027 SUMMARY OF KEY TERMS: Maximum Amount: Not applicable. Rates: For each hour of Service provided by a Caregiver under this Agreement, VCH will pay the Service Provider at the rate of $40.75, except for Services provided between 12:00 a.m. and 11:59 p.m. on statutory holidays (as defined in section 1 of the Employment Standards Act, RSBC 1996, c 113, as amended from time to time), for which VCH will pay the Service Provider at the rate of $61.12. VCH is under no obligation to pay the Service Provider at rates other than the foregoing, whether for overtime or otherwise. On April 1, 2025, and on each anniversary date thereafter (the “Anniversary Date”) during the Term, the rates set out in paragraph 2 of this Schedule B will be subject to an annual adjustment with effect on the Anniversary Date by a percentage equivalent to the average annual percentage increase in British Columbia Consumer Price Index (BC CPI), calculated using the most recently published data for the last 12 month period before February 1 of the relevant year, subject to a minimum percentage adjustment of 2% and a maximum percentage adjustment of 4%. VCH will notify the Service Provider of the adjustment in writing by February 28 of the relevant year. All-inclusive rates. Rates are “all-inclusive” meaning that they include all costs of providing the Services, including travel, the costs of professional care services, administrative services, overtime, transportation, supplies and any other cost or expense incurred by the Service Provider in delivering the Services. For clarity, VCH is not liable to pay for any additional fee, surcharge or other cost on top of the rates specified in the above table. Exclusive of taxes. The above rates exclude applicable taxes. No show. The Service Provider will not charge VCH for Services where the Service Provider’s Personnel fail to show up for the delivery of Services. Billable, not completed visits. The Service Provider may bill VCH for the cost of non-completed visits in the following circumstances where less than 24 hours’ notice has been provided: late cancellation by the Client; service refusal by the Client; unable to provide service due to health and safety reasons or workplace violence reasons; and Client in hospital at short notice. The Service Provider should separately report these instances to VCH within 24 hours of occurrence. Hospitalization: The Service Provider will not provide or bill for Services when the Client is in hospital without prior authorization from VCH. The exception is when hospitalization occurs with less than 24 hours' notice as detailed above in Section 2(e) (Billable, Not Completed Visits). Unauthorized services not eligible for payment without VCH approval: The Service Provider will not be permitted to charge (and VCH will not be liable to pay) for any of the following services, which are considered unauthorized unless otherwise instructed by VCH in writing: Any service delivered when the Client is absent from the home; Any service delivered to the Client at a location not specifically identified in the HSO (e.g., a residence other than the Client's home, a restaurant or shopping mall) unless pre-authorized by VCH; Any service delivered to a Client in a hotel, hospital or residential care facility, unless pre-authorized by VCH; Transporting a Client in a personal vehicle, whether the vehicle is owned by the Service Provider, Client or family member; Escorting a Client by HandiDART, public transit or taxi unless authorized by VCH; Lifting or transferring a Client without the use of an approved patient lifting protocol which may include without limitation the use of equipment (see VCH safe patient handling policy and WorkSafe Policy at http://www.worksafebc.com/publications/high_resolution_publications/assets/pdf/bk79.pdf) Pet care of any kind; Shopping (the sole exception is phone ordering from the Client's home if identified in the HSO); Banking. The Service Provider may not use the Client's debit or credit cards nor have knowledge of Client PIN numbers or passwords used in financial transactions or handle cash for the Client; and Mail collection / distribution / management. Expenses: Expenses are not eligible for reimbursement by VCH, unless the Service Provider seeks VCH’s approval in writing prior to incurring the expense. The Service Provider is required to submit original receipts for any approved expenses claimed. Invoices and statements of account. In order to obtain payment of the Funds under this Agreement for a period from and including the first day of a month to and including the last day of that month (each, a “Billing Period”), the Service Provider must comply with the following : The Service Provider will prepare and submit a written invoice in a form satisfactory to VCH containing: the legal name and address of the Service Provider; the date of invoice and the Billing Period to which the invoice pertains; the Service Provider’s calculation of all fees claimed for the Billing Period, including: all hours worked during the Billing Period; and Client name, address and PHN for all Services delivered during the Billing Period. a chronological listing, in reasonable detail, of any expenses claimed by the Service Provider for the Billing Period with receipts attached, if applicable, and, if the Service Provider is claiming reimbursement of any GST or other applicable taxes paid or payable by the Service Provider in relation to those expenses, a description of any credits, rebates, refunds or remissions the Service Provider is entitled to from the relevant taxation authorities in relation to those taxes; the Service Provider’s calculation of any applicable taxes payable by VCH in relation to the Services for the Billing Period; a description of this Agreement including the Program and Contract ID #; an invoice number for identification; and any other billing information reasonably requested by VCH. The Service Provider will prepare and submit a statement of account in Microsoft Excel format using the template attached as Exhibit 1 to this Schedule B and containing the information set out therein, covering the Billing Period. Upon a satisfactory reconciliation, VCH will pay the Service Provider in accordance with Section 7 below. VCH reserves the right to hold back payments for Services where the reconciliation has revealed discrepancies between the Services authorized by VCH and the Services billed by the Service Provider, until such discrepancies are resolved to VCH’s satisfaction. Submission of invoices and supporting information. All invoices and supporting information should be emailed to the following address: nscsilclerks@vch.ca Submission of statements of account. All statements of account must be emailed 3 business days after the last day of the billing period to the attention of the following person at the following address: Payments Due: Within 30 calendar days of VCH’s receipt of the Service Provider’s written invoice delivered in accordance with this Schedule, VCH will pay the Service Provider the fees and expenses (plus any applicable taxes) claimed in the invoice if they are in accordance with this Schedule and the rest of this Agreement. Financial Reports. The Service Provider will submit the following to VCH: the Financial Reports (if required by VCH), which will be consistent with VCH’s financial reporting systems and time requirements. Submission of Financial Reports. The Financial Reports (if required by VCH) should be submitted electronically to the appropriate Financial Planning and Business Support (FPBS) Manager as identified in the table below: Consequences for Late Reporting: If the Service Provider fails to submit the Financial Reports in accordance with the deadlines specified above, VCH may withhold, at minimum, the lesser of $500 or 1% of the value of the Funds, per occurrence, as compensation for any costs, including internal costs, that it may have incurred in connection with such non-compliance. GENERAL TERMS AND CONDITIONS RELATING TO PAYMENT AND FINANCIAL REPORTING: Subject to compliance by the Service Provider with the terms and conditions set out in this Agreement, VCH will pay to the Service Provider the fees and expenses described in this Schedule (the "Funds") as full payment and reimbursement for providing the Services, and the Service Provider will accept the Funds as such full payment and reimbursement. VCH is not obliged to pay to the Service Provider more than the Maximum Amount specified in this Schedule on account of the Funds, and the Service Provider will be solely responsible for any additional costs or expenses incurred in the delivery of the Services or otherwise in relation to this Agreement that exceed the Maximum Amount. Upon expiry or termination of this Agreement: VCH will, within 60 calendar days of such expiry or termination, pay to the Service Provider any unpaid portion of the Funds which corresponds with the portion of the Services that was completed to VCH's satisfaction before the effective date of such expiry or termination; and the Service Provider will, within 60 calendar days of such expiry or termination, repay to VCH the portion of any paid Funds which corresponds with the portion of the Services that VCH has notified the Service Provider in writing was not completed to VCH's satisfaction before the effective date of such expiry or termination. The payment by VCH of the amount described in paragraph (a) discharges VCH from all liability or obligation to the Service Provider in connection with this Agreement or its termination. The Service Provider will keep proper books of accounts, records, invoices and receipts of all payments and expenditures relating to the provision of Services under this Agreement and, if required by VCH, will provide to VCH accurate and correct financial reports in accordance with this Schedule and in such format as may be required by VCH (the “Financial Reports”). Unless otherwise specified in this Agreement, the Service Provider will retain all such books of accounts, records, invoices and receipts and Financial Reports for a period of not less than seven years after this Agreement ends. This Section 12 will survive the expiry or termination of this Agreement. The Service Provider will also submit financial statements in accordance with the following: If VCH pays to the Service Provider an amount that is $1,000,000 or more in total annual payments on account of the Funds, the Service Provider will prepare and submit an annual audited financial statement prepared in accordance with Canadian accounting standards for not for profit organizations or for private enterprises, as applicable, within 120 calendar days following the end of the Service Provider's fiscal year. The annual audited financial statement will include at a minimum, the Auditor's Report, Statement of Financial Position, Statement of Operations, Statement of Changes in Net Assets Statement of Cash Flows, and Notes to the Financial Statements. If VCH pays to the Service Provider an amount that is less than $1,000,000 in total annual payments on account of the Funds, the Service Provider will provide an annual financial statement prepared in accordance with Canadian accounting standards for not for profit organizations or for private enterprises, as applicable, as set out in Section 13(a), excluding the Auditor's Report. VCH will give at least three (3) months written notice of any change in the format of Financial Reports or financial statements. EXHIBIT 1 to Schedule B - Subcontractors NOT USED Insurance The Service Provider must, without limiting the Service Provider’s obligation or liabilities and at the Service Provider’s own expense, purchase and maintain throughout the Term the following insurances with insurers licensed in Canada in forms and amounts acceptable to VCH: Commercial General Liability in an amount not less than $2,000,000.00 inclusive per occurrence against bodily injury, personal injury and property damage and including liability assumed under this Agreement and this insurance must: include VCH as an additional insured; be endorsed to provide VCH with 30 days advance written notice of cancellation or material change; and include a cross liability clause. All insurance must be primary and not require the sharing of any loss by any insurer of VCH. The Service Provider must provide VCH with evidence of all required insurance by delivering to VCH a completed and signed copy of the INSURANCE CERTIFICATE attached as Exhibit 1 to this Schedule: within 10 working days of commencement of the Services; and if the insurance expires before the end of the Term of this Agreement, within 10 working days of expiration, and notwithstanding (a) or (b) above, if requested by VCH at any time, the Service Provider must provide to VCH certified copies of the required insurance policies. The Service Provider will provide, maintain, and pay for, any additional insurance which it is required by law to carry, or which it considers necessary to cover risks not otherwise covered by insurance specified in this Schedule in its discretion. Insurance Certificate CERTIFICATE OF INSURANCE PART 1 To be completed by the Service Provider PART 2 To be completed by the Insurance Agent or Broker All insurance is primary and does not require the sharing of any loss by an insurer of VCH. This certificate certifies that policies of insurance described herein are in full force and effective as of the date of this certificate and comply with the insurance requirements of the Agreement identified above, except as follows: PRIVACY AND DATA SCHEDULE Purpose. This Schedule is incorporated into and forms part of the agreement to which it is appended (“Agreement”) which is between Vancouver Coastal Health Authority, a public body under FIPPA, (the “HO”) and My Care Matters Health Services Inc. (the “Service Provider”). The Agreement requires or may require that the Service Provider engage in the processing of Data on behalf of the HO. The purpose of this Schedule is to ensure the security of the Data, and that the Parties to the Agreement comply with their obligations under FIPPA and other Applicable Law. Interpretation. In this Schedule, references to “processing” of information or data means any one or more, as applicable, of the collection, use, disclosure, storage, access to, retention or disposal of information and includes any other operation or set of operations performed on data or information such as recording, organization, structuring, adaptation or alteration, retrieval, transmission, dissemination, copying, exporting, transferring, combination or destruction. Capitalized terms in this Schedule will have the following meanings: “Accepted Security Standards” means the ISO 27000 series (including ISO standard 27001 and 27002) as those standards may be supplemented and replaced from time, and such additional security standards as the HO may specify in writing prior to the Execution Date or that the Parties may agree in writing at any time to add or substitute. “Applicable Law” means all present and future Canadian laws, statutes, regulations, bylaws, rules, codes, ordinances, judgments, decrees, writs, administrative interpretations, guidelines, policies, injunctions, orders or the like of any Canadian federal or provincial court, the Commissioner or other governmental authority, and includes FIPPA. “Authentication Standards” has the meaning set out in paragraph (j) at section 9 of this Schedule. “Breach Incident” means any processing of Data by the Service Provider, its Personnel or third parties that is not authorized by or in compliance with the Agreement, this Schedule or FIPPA, and includes the loss or theft of any Data or Records. “Business Day” means a day other than a Saturday, a Sunday or any other day that is defined as a “holiday” under the Interpretation Act, R.S.B.C. 1996, c. 238, as amended. “Chief Privacy Officer” means the individual designated by a Party with responsibility for compliance with FIPPA and this Schedule. “Chief Security Officer” means the individual designated by a Party with responsibility for compliance with all matters related to data security under this Schedule. “Cloud Service Standards” means any one of the following: (i) ISO/IEC 27017 and 27018 (and its appendix), demonstrated via certification with accreditation; (ii) NIST SP 800-53, demonstrated via certification with accreditation; (iii) Level 2 of Cloud Security Alliance (CSA) Security Trust and Assurance Registry (STAR) Certification; or (iv) any other widely adopted cloud security standard that is approved by the HO in writing for use by the Service Provider in connection with the Services. “Commissioner” means the Information and Privacy Commissioner for British Columbia. “Conflicting Foreign Order” means any order, subpoena, directive, ruling, judgment, injunction, award or decree, decision, request or other requirement issued by a foreign court, agency of a foreign state or other authority outside Canada or any foreign legislation the compliance with which would or could potentially breach FIPPA. “Confidentiality Agreement” means an agreement between the Service Provider and its Personnel requiring that Personnel comply with the requirements of this Schedule, FIPPA and other Applicable Law and to maintain the confidentiality and security of the Data on terms no less protective than the terms set out in this Schedule. “Confidential Information” means the information or records of the HO, if any, designated or defined in the Agreement as comprising the HO’s “Confidential Information”. “Contracted Use” has the meaning set out in section 5 of this Schedule, and, for greater clarification, includes the Service Provider’s use of Data to provide troubleshooting and other support to the HO, and its use of Data, other than Personal Information, to analyze and/or improve the Services and Systems. “Contractor” has the meaning set out in paragraph (d) at section 8 of this Schedule. “Data” means all Personal Information, Confidential Information and any Metadata comprising or containing Personal Information or from which Personal Information may be discovered or inferred, and includes any such Personal Information, Confidential Information and Metadata that is collected, obtained, stored, generated or otherwise processed or accessed by the Service Provider through the provision of the Services or the use of the Systems, and further includes all derivative works of any of the foregoing which are created and stored as part of the totality of the Services or associated System(s). “Data Management Plan” means any data management plan prepared by the Service Provider in accordance with section 8 of this Schedule. “Effective Date” means the date the Service Provider commences providing the Services. “Excluded Information” or “Excluded Records” means information, documents or recorded information that (i) relates solely to the Service Provider’s internal administration, finances, management, or labour and employment matters, unless containing or comprised of Data or information from which Data could reasonably be discovered or inferred; or (ii) the HO confirms in writing are excluded from the application of this Schedule. “Execution Date” means the date that all of the Parties have executed the Agreement. “Facilities” means the physical locations the Service Provider uses or permits its Personnel to use to provide the Services, house its Systems or store, process or access any Records containing Data, but excludes the HO’s facilities and sites. “FIPPA” means the Freedom of Information and Protection of Privacy Act (British Columbia), and regulations enacted thereto, as amended from time to time. “Least Privilege” means the principle requiring that each person with access rights to an information system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks so as to limit the damage that can result from accident, error or unauthorized use. “Material Breach” means (i) the occurrence of a Breach Incident caused, directly or indirectly, by the acts or omissions of the Service Provider or its Personnel where, the HO, acting reasonably, determines, in its sole discretion, that the Breach Incident gives rise to Significant Harm or could reasonably be expected to result in Significant Harm to the HO or affected individuals; or (ii) the failure of the Service Provider to cure or to take reasonable steps to cure any non-compliance with this Schedule to the satisfaction of the HO within twenty (20) Business Days of the delivery of notice of non-compliance by the HO to the Service Provider; or (iii) if a Data Management Plan is required under this Schedule, the failure to develop, implement or obtain HO approval for the Data Management Plan, or amendments thereto, in accordance with the requirements of this Schedule. “Metadata” means information that is generated by an electronic system and describes an individual’s interactions with the electronic system. “Need-to-Know” means the principle that access to Data be restricted to authorized users of an information system who require such access in order to carry out their mandated role or authorized duties. “Parties” means the parties to the Agreement. “Personal Information” means “personal information”, as defined in FIPPA, that is collected, compiled or created by the Service Provider or otherwise obtained or held by or accessible to or processed by the Service Provider as a result of the Agreement or any previous agreement between HO and the Service Provider dealing with the same or similar subject matter as the Agreement, but excluding the Excluded Information. For greater clarification, at the time of drafting, “personal information” is defined in FIPPA as recorded information about an identifiable individual excluding “contact information”; and “contact information” is defined as information to enable an individual at a place of business to be contacted including the name, position name or title, business telephone number, business address, business email or business fax number of the individual; “Personnel” means all persons or entities authorized or permitted by the Service Provider to deliver the Services or access or process the Data and Records, and includes the Service Provider’s present and future directors, officers, employees, contractors (including Contractors), subcontractors , associates and affiliates (and for greater clarification “associate”, “affiliate” and “employee” shall have the meanings set out in FIPPA); “PIA” means a Privacy Impact Assessment; “Record” means a “record” as defined in FIPPA containing Data that is accessed, collected, maintained or produced by the Service Provider in the course of delivering Services or otherwise performing its obligations under the Agreement, but does not include: (a) a computer program or any other mechanism that produces records or (b) Excluded Records. For greater clarification, at the time of drafting “record” is defined in FIPPA as including books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which personal information is recorded or stored by graphic, electronic, mechanical or other means. “Removable Media and/or Devices” means any portable device used to manage, operate or process Data and that is capable of storing information, and includes any hand held device or other electronic data storage devices (e.g. laptop, smart phone, CD-Rom, DVD, and USB). “Schedule” means this Privacy and Data Security Schedule as amended from time to time. “Secured Data Sets” means a database containing or comprised of Data or any collection of Data maintained in electronic form by the Service Provider on behalf of the HO, as more fully described in paragraph (f) at section 9 of this Schedule. “Security Requirements” means the requirements set out in section 9 of this Schedule. “Services” means the provision or supply of any services to the HO by the Service Provider under the Agreement. “Significant Harm” means actual loss or harm that, in the opinion of the HO, acting reasonably, has a significant negative impact on the HO or on affected individuals as a result of a Breach Incident, and includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, ransomware attack, negative effects on the credit record and damage to or loss of property, damage to HO Systems or other loss or harm giving rise to financial loss or expense. “STRA” means a Security Threat Risk Assessment. “System” means any systems, subsystems, equipment, infrastructure, networks, management networks, servers, hardware and software the Service Provider uses in providing the Services or processing of Data, but excluding any the HO owns or makes available to the Service Provider in relation to the Agreement or the Services. Service Provider Commitment and Scope The terms of this Schedule apply to the Service Provider, the System and the Services. The Service Provider is subject to and will comply with the requirements of FIPPA, this Schedule, Applicable Law and any written direction issued by the HO under this Schedule, including by developing, maintaining and upholding policies and procedures specific to the security of the Data and consistent with the Agreement, FIPPA and this Schedule. If requested, the Service Provider will provide evidence to the HO to demonstrate to the HO’s reasonable satisfaction that the Service Provider and any Personnel processing Data or performing the Services on the Service Provider’s behalf are compliant with the terms of this Schedule, and have implemented measures sufficient to ensure such compliance and to constitute effective controls over the processing of the Data and Records. The Service Provider represents that it has the capacity and legal and contractual authority to monitor, and will monitor and enforce, its compliance with this Schedule, including where its obligations are performed by Personnel on behalf of Service Provider. The Service Provider will, at its own expense, take all commercially reasonable steps to enforce such legal and contractual commitments of its Personnel, as and when such enforcement may be required, in order to enable the Service Provider to maintain compliance with its obligations under this Schedule. Custody and Control As between the HO and the Service Provider, all right, title and interest and control in and to all Records and Data will remain with the HO. Except as expressly set out in the Agreement, no proprietary right, right of access or other interest respecting the Data and Records, other than as expressly set out herein, is granted to the Service Provider under this Schedule, by implication or otherwise; Where the Service Provider provides services under contract with one or more other public bodies in which such other public bodies also assert control over the same or overlapping Data or Records, the Parties will work together in good faith to resolve any competing claims to the Records and Data. In such a case, the Service Provider will not be considered to be in breach of this Schedule by reason only of its inability to provide unfettered control over the Records and Data to the HO. Grant of Access The Service Provider is granted temporary access to the Data and Records on the terms and conditions of this Schedule and the Agreement for the sole and express purpose of providing Services to the HO and for no other use or purpose (“Contracted Use”). The Service Provider will ensure that neither it nor its Personnel engages in the processing of any Data except in compliance with this Schedule and FIPPA and only for the Contracted Use. No Secondary Use Notwithstanding (a) any provision of the Agreement, (b) any obligations that the Service Provider may owe to any third party, including its Personnel, whether pursuant to any agreement that exists or may come into existence between the Service Provider and a third party or otherwise; but (c) without limitation to any obligations of the Service Provider under the Agreement regarding Data that is Personal Information, the Service Provider shall not, and shall be responsible to ensure and monitor on an ongoing basis that any Personnel that have or may have access to the Data do not engage in any processing of Data, including Metadata comprising or containing Personal Information or from which Personal Information may be discovered or inferred, for any purposes other than to perform the HO Contracted Use (each a “Secondary Use”). The Service Provider shall implement and maintain appropriate safeguards (including contractual, operational and technological controls) sufficient to ensure that the Data is not subject to any Secondary Use by it or its Personnel. Any Secondary Use of the Data (including anonymizing the Data or extracting anonymous elements of the Data for any Secondary Use) by the Service Provider shall require notice to the HO’s Chief Privacy Officer and written HO approval of the HO. Responsibility for Personnel The Service Provider specifically assumes all responsibility for its Personnel and for any acts or omissions of its Personnel in connection with any and all processing of the Data. No delegation or subcontracting by the Service Provider of any right, duty or obligation under the Agreement or the Schedule will alter or diminish the Service Provider’s obligations under this Schedule. The Service Provider will defend, indemnify and hold harmless the HO, the members of its board, and its officers, employees and representatives of, from and against any and all loss, cost, liability, damage, fee, penalty or other expense, including legal fees (on a solicitor and own client basis) suffered or incurred by the HO, or its board members, officers, employees or representatives, or any of them, arising from any breach by the Service Provider of any of its covenants or obligations under this Schedule or any acts or omissions, including negligent acts or omissions, of it or its Personnel in breach of the provisions of this Schedule, FIPPA or other Applicable Law. Paragraph (b) in this section 7 is in addition to any rights of indemnity granted under the Agreement. Due Diligence Measures In the event that the HO determines that it requires further information or explanation of how the Service Provider meets the privacy and data security requirements set out in this Schedule, the HO may request and the Service Provider will prepare and supply to it for its approval a written Data Management Plan, setting out detailed particulars of the Service Provider’s policies, procedures and data security measures demonstrating how they meet or exceed the Security Requirements, the Cloud Service Standards, the Accepted Security Standards and the other requirements of section 9 of this Schedule. The HO may also require the Service Provider to prepare or update a Data Management Plan for HO approval following a Breach Incident. The HO reserves the right to specify the form or format for the Data Management Plan. If a Data Management Plan is required by the HO, the Service Provider will throughout the term of the Agreement implement and uphold the approved Data Management Plan. Any material changes to the Data Management Plan, unless such changes enhance the protection afforded to the Data, Records and Systems (“Enhancements”), will be submitted to the HO for its approval. With the exception of Enhancements, no changes in the Data Management Plan will be implemented unless or until such changes are approved by the HO. In the event of any conflict or inconsistency between a Data Management Plan and this Schedule, the requirements of this Schedule shall govern to the extent of such conflict or inconsistency, unless the Data Management Plan set sets out a higher or better standard of privacy or data security than those required by this Schedule, in which case the higher or better standard shall govern. The Service Provider shall support and cooperate with the HO’s efforts to review the Service Provider’s compliance with this Schedule, including by cooperating with the HO in completing a PIA and STRA and, if required under paragraph (a) of section 8 of this Schedule, through HO approval of a Data Management Plan (the “Due Diligence”). The Parties will work together to ensure that such Due Diligence is completed by the Effective Date or within such longer period as the HO may otherwise specify in a written notice to the Service Provider (“Completion Date”). If, on or before the Completion Date, the Due Diligence is not completed to the satisfaction of the HO or it fails to demonstrate the Service Provider’s compliance with this Schedule to the satisfaction of the HO, then the HO may within thirty (30) Business Days elect to terminate the Agreement on written notice to the Service Provider which termination shall have effect on the date specified in such notice. If requested by the HO, on or before the Effective Date, the Service Provider will provide the HO with a listing of all contractors and subcontractors (each a “Contractor”) that the Service Provider permits to access or process the Data, including full particulars of each Contractor’s involvement in processing Data and the terms of applicable Confidentiality Agreements or other contractual commitments in place to ensure that each such Contractor maintains the privacy and security of the Data and otherwise acts in compliance with the terms of this Schedule. Security Requirements The Service Provider must protect all Data, Records and Systems by ensuring reasonable security arrangements are in place, including by implementing and maintaining the following measures: Organizational Security. The Service Provider shall implement, maintain and enforce organizational security measures including: (i) policies and practices that are consistent with the Least Privilege and Need-to-Know principles, with robust identity and access audit and review processes to ensure effectiveness of access policies and technical controls; (ii) clearly defined roles and responsibilities for Personnel; (iii) performance of appropriate security clearances or background checks on Personnel authorized to access and process Data ; (iv) appointing and maintaining a Chief Privacy Officer and Chief Security Officer trained in personal information privacy laws in Canada; and (v) having in place appropriate privacy and security policies and privacy breach and security incident response processes consistent with the requirements of FIPPA and this Schedule. Access by Personnel. The Service Provider will implement, maintain and enforce access controls ensuring that Personnel are granted access to the Data and Records only where such access is necessary for the performance of the Service Provider’s obligations under the Agreement and in compliance with this Schedule, including by (i) obtaining and enforcing signed Confidentiality Agreements from all Personnel with access to or physical possession of Data or Records, including on the renewal or amendment of the Agreement or this Schedule; (ii) ensuring Personnel do not store Personal Information outside of Canada, except where permitted under this Schedule or otherwise approved by the HO in writing; and (iii) revoking rights of access to and use of Data by Personnel where there is reason to believe that they have engaged in any act or omission in violation of this Schedule, the Agreement or a Confidentiality Agreement. Physical Security The Service Provider will implement, maintain and enforce reasonable physical security measures to protect against the risk of Breach Incidents including: (i) ensuring Data and Records are maintained by the Service Provider only at its Facilities in Canada, unless authorized by the Agreement or otherwise by the HO in writing; (ii) ensuring all Facilities have reasonable physical security measures in place to protect against Breach Incidents; (iii) ensuring that access to the Facilities is restricted to authorized individuals and that access is appropriately logged or tracked (e.g. access cards, user codes) and reviewed at least monthly; (iv) prohibiting Personnel from any unauthorized copying, modification or removal of Data from the Facilities, except as required to provide the Services and in compliance with this Schedule; and (v) maintaining up-to-date inventories of Data and Records created and maintained by the Service Provider. Training Plans. The Service Provider will create, implement and maintain training plans for Personnel, including with respect to the privacy and security requirements of this Schedule, work station access, the Least Privilege and Need-to-Know principles, the Service Provider’s policies and procedures applicable to privacy breach and Breach Incident reporting, and any other recommendations contained in any PIA or STRA conducted under this Schedule. Data Security. To the extent that the Service Provider processes Data maintained in electronic form, the Service Provider will ensure that it has policies, procedures and other measures in place for the security of the Data and its Systems:, including by: (i) incorporating and maintaining data security measures that are compliant with the Accepted Security Standards and the Cloud Service Standards; (ii) incorporating industry standard security enhancing technologies and cryptographic controls into its System security; (iii) having in place all network controls to maintain security of the Data and Systems consistent with commercially reasonable industry practice and guidance; (iv) requiring that access to all physical equipment and data storage Facilities utilized by the Service Provider in connection with its Systems is securely maintained and access is limited to authorized individuals; (v) ensuring Systems are kept current with respect to virus and malware protection and similar threats, including timely installation of security patches and software updates, (vi) incorporating encryption in transit and at rest to protect against unauthorized access; (vii) using secure coding practices when developing applications and application programming interfaces, and (viii) implementing the recommendations identified in any applicable STRA. Secured Data Sets. To the extent that the Service Provider maintains Secured Data Sets on behalf of the HO, the Service Provider will ensure its Systems, policies and procedures: (i) require that Secured Data Sets are not stored on Removable Media or Devices unless expressly set out in an HO approved Data Management Plan or otherwise authorized by the HO in writing; (ii) require creation and maintenance of an inventory of all Secure Data Sets maintained by the Service Provider; (iii) provide for the protection of Secured Data Sets in accordance with the Authentication Standards; (d) implement and maintain network segmentation configurations that restrict and control network traffic to only that which is required between the Service Provider owned and operated networks or Systems and other networks or Systems; and (e) prohibit remote access to Secured Data Sets except as set out in an HO approved Data Management Plan or otherwise expressly authorized in writing by the HO. Removable Media and Devices. The Service Provider will implement measures to prevent the transfer or copying of Data onto Removable Media and Devices, except as necessary to perform the Services and as set out in an HO approved Data Management Plan or otherwise authorized in writing by the HO. To the extent that storage of Data on Removable Media or Devices is permitted by the HO, the Service Provider will ensure that encryption and password protection is utilized to secure any Data in alignment with industry standards. The Service Provider will ensure that all Data on such devices is securely destroyed when no longer needed to perform the Services. Computers and Equipment. The Service Provider will develop, implement and enforce policies and procedures regarding any devices or equipment, other than Removable Media and Devices, used by it in the processing of Data, including all desktop computers and other electronic devices. Such measures will: (i) comply with the Accepted Security Standards; (ii) impose a requirement that remote access to the Data by Personnel or third parties be necessary for the delivery of the Services and, if applicable, the procedures for such access be described in an HO approved Data Management Plan; (iii) require that such devices and other equipment not be removed from its Facilities unless necessary to perform the Services; (iv) require that internal storage devices containing Data are securely locked down or disabled prior to removal from its Facilities; and (v) provide for the secure destruction of Data from desktop computers or internal storage devices and other equipment when no longer needed, prior to disposal or where destruction is required by the Agreement. Services Provided On Premise. Where Personnel are working within the HO’s facilities, or using HO Systems, technology or equipment (collectively, “HO Systems”), the Service Provider and all its Personnel will comply with: (i) the HO’s privacy, security and confidentiality policies related to the HO Systems; (ii) any terms of use, agreements, policies and guidelines identified by the HO as applicable to the usage of HO Systems; (iii) any directions that may be issued from time to time by the HO’s system administrators or privacy/security officers regarding access to and use of HO Systems and information contained therein; and (iv) other applicable policies of the HO. Authentication Standards. If the Service Provider is authorized under this Agreement to provide its Personnel with electronic access to Records and Data, then prior to commencing the delivery of the Services, the Service Provider will develop and maintain, and, if applicable, describe in its Data Management Plan, policies and procedures related to user authentication (“Authentication Standards”). Such policies and procedures will: (i) require unique individual user identification; (ii) include appropriate controls for the issuance of changes to and cancellation of user identifications and authentication mechanisms; (iii) require multi-factor authentication for remote access to Personal Information, unless otherwise authorized by the HO in writing; (iv) incorporate power on and screen save passwords and session time outs; (v) require that authentication codes and passwords are confidential, complex and are changed regularly (at least semi-annually); (vii) comply with the BC Government Electronic Credential and Authentication Standard, the Accepted Security Standards and any other directions of the HO concerning access controls or authentication standards. Electronic Communications and Transmissions. The Service Provider will develop, implement and maintain policies and procedures related to the secure transmission of email and other electronic transmissions containing Data, including by ensuring that all such transmissions are compliant with FIPPA, the Accepted Security Standards, Applicable Law and incorporate any recommendations set out in any related STRA. Wireless Networks. Any wireless networks maintained by the Service Provider which will connect or access any network owned or operated by the HO will be appropriately protected and secured in compliance with the Accepted Security Standards, including using WPA2/AES encryption and 802.1X based authentication. System Logs. The Service Provider will design and implement for the purposes of audit and investigation, including audit and investigation by the HO, a system to record and maintain user access records/logs to alert, monitor, correlate and track all access and use of the Data and Records and to record any events, notifications or alerts in relation to data security, including but not limited to system telemetry and Metadata required to detect cyber intrusion events. The Service Provider will for a period of at least three (3) years maintain and retain an audit trail of access to Records and Data in sufficient detail, which at a minimum, must include the date and time of Data access, identity of the user, and the type and scope of information accessed. The Service Provider will ensure online, real time access to such logs is available for at least ninety (90) Business Days from the date generated, after which time the logs may be stored offline, provided they are capable of timely retrieval and delivery to HO upon HO request. If requested, the Service Provider will provide the HO with online or real time access to logs and will have the technical capability to forward the logs to the HO in electronic form. All logs must use Coordinated Universal Time (UTC) event timestamps, and the Service Provider will make reasonable efforts to provide them to the HO in the form requested by the HO. Segregation of Data/Firewalls The Service Provider will take commercially reasonable steps to ensure that all Data and Records are securely segregated from any information owned by the Service Provider or third parties to prevent unintended mingling or unauthorized processing of Data or access by unauthorized parties and to enable Data and Records under the control of the HO under this Agreement to be identified and separated from those of the Service Provider or third parties. The Service Provider must implement and maintain, at standards that meet or exceed commercially reasonable industry practices and guidance: (i) firewall technology, web application firewalls, distributed denial of service, and intrusion prevention systems to control traffic flow to and from the Service Provider’s Systems; and (ii) measures sufficient to ensure the security of the Service Provider’s Systems and the Data in the event of any remote access to the Service Provider’s Systems by Personnel. Disaster and Emergency Plans. The Service Provider will ensure it has developed a business continuity and disaster recovery plan, and that it is protected against loss, damage or other occurrence including fire, environmental hazards and power interruptions that may affect its Systems or Facilities. Appropriate policies, procedure and technology will be in place to provide assurance that Data is protected against threats to availability. The Service Provider must ensure all Data used in the provision of Services and Secured Datasets are routinely backed up to an encrypted medium, protected from known threats and tested regularly. Effective cyber security incident management and response plans will be documented and tested regularly, and no less than annually; Testing. The Service Provider must regularly, and no less than annually, conduct penetration tests of System elements comprising cloud and web based infrastructure, and all System elements used in the provision of Services, including but not limited to the Service Provider’s enterprise network and internet presence, such testing will meet or exceed commercially reasonable industry practice and guidance. Once identified, a summary report must be prepared and provided to the HO indicating the number and severity of findings. Any identified vulnerabilities must be promptly resolved by the Service Provider. If requested by the HO, the Service Provider will disclose to the HO any and all external internet protocol address ranges and domain names in use by the Service Provider and used in connection with the delivery of the Services, and will permit or provide the HO authorization to conduct its own scans for vulnerabilities and weaknesses upon a schedule and method agreed to by both Parties. Hardening. Prior to being placed into production, the Service Provider must ensure that Systems and their components are hardened against attack and misuse, using methods and procedures that meet or exceed commercially reasonable industry practice and guidance for the hardening of the specific deployed platform. Vulnerability Scanning. During the term of the Agreement, the Service Provider must conduct vulnerability scanning on all Systems and their components on at least a monthly basis and promptly resolve any deficiencies or vulnerabilities detected by such scans. In addition, before putting the Systems or their components into production whether at the commencement of the Services or after implementing any major changes to the Systems, the Service Provider must conduct vulnerability scanning and resolve any identified deficiencies or vulnerabilities. Patches. All System components must receive patches and security updates according to a regular schedule, at a frequency not less than monthly and at least equal to commercially reasonable industry practices and guidance. For zero-day, critical and high vulnerabilities, remedies or patches will be applied on an accelerated or emergency basis. The Service Provider must conduct all reasonable due diligence to keep current regarding new vulnerabilities and patches. Network Time Protocol. Systems used by the Service Provider in the provision of Services must synchronise time with a stratum-2 (or higher time) reliable source. Investigations Support and Security Investigations. The Service Provider must: (a) retain investigation reports related to any Breach Incident or System security investigations for the period of 2 years after the investigation is completed or provide them to the HO for retention; (b) provide reasonable and collaborative investigative support to the HO in relation to compliance with this Schedule; (c) maintain chain of custody for evidence related to Breach Incidents or System security incidents; (d) support e-discovery; and (e) maintain legal holds to meet needs of investigations and judicial requests. Encryption. The Service Provider must (i) implement and maintain encryption of HO Data and Secured Datasets while at rest and in transit; (ii) offer the HO the technical capability of cryptographic key management to allow the HO to manage encryption keys in relation to HO information at rest and in transit; (iii) not hold or have access to encryption keys if such encryption keys are managed by the HO; (iv) not provide encryption keys used to secure HO information to a third party or the ability to break such encryption; Malware detection and prevention. The Service Provider will implement reasonable controls to detect and prevent the infiltration of malware into its Systems, such controls shall meet or exceed commercially reasonable industry practice and guidance and shall be capable of detecting external and insider threat behaviours and preventing nefarious techniques and tools. 10. Privacy Impact Assessment (PIA) & Security, Threat, Risk Assessment (STRA) From time to time, the HO may, at its own expense, conduct privacy or data security assessments, including PIA’s and STRA’s, to ensure that any programs or initiatives of the HO in which the Service Provider participates are fully compliant with FIPPA and that all applicable Data protection measures comply with generally accepted Canadian and international data security and privacy standards and guidance, including the Accepted Security Standards and Cloud Service Standards. The Service Provider will, if requested, provide its full cooperation with any such process including by providing requested information and records, permitting access to its Facilities and making Personnel available to provide requested information and feedback; The HO may require the Service Provider to conduct a STRA. If required by the HO, the Service Provider will, at its own expense, conduct a STRA based on Accepted Security Standards which will cover each of its Facilities. The HO may require that a STRA be performed (i) prior to the Effective Date; (ii) prior to the implementation of any new or material change in the Services affecting the processing of Data ; or (iii) following a Breach Incident. The HO will be provided with a copy of all such STRA’s and the STRA will be completed to the satisfaction of the HO. The Service Provider will provide its reasonable cooperation in responding to any inquiries from the HO concerning the STRA or its outcome, and will promptly rectify any deficiencies identified in the STRA and confirm to the HO when it has done so. 11. Collection, Access and Correction Collection. The Service Provider will only process Data and Records as necessary for the performance of the Service Provider’s obligations under the Agreement or as otherwise authorized by the HO in writing. If the Service Provider is required by the Agreement to collect Personal Information on behalf of the HO, the Service Provider will do so only in the manner prescribed by FIPPA. Specifically, the Service Provider will: (i) collect Personal Information directly from the individual to whom the information pertains; (ii) tell such individual the purpose and the legal authority for collecting it; and (iii) provide the individual with the title, business address and business telephone number of the person designated by the HO to answer questions about the Service Provider’s collection of Personal Information. The Service Provider may only collect Personal Information indirectly (i.e. other than directly from the individual that the information is about) as authorized in writing by the HO and as permitted by FIPPA; Requests for Access or Correction. If the Service Provider receives a request under FIPPA for access to Data or Records or correction of Personal Information from a person other than the HO, the Service Provider will promptly advise the person to make the request to the HO, unless the Agreement expressly requires the Service Provider to provide such access or process such correction or the HO provides a written direction to the Service Provider to do so. The Service Provider will provide such person with the name and contact information for the HO’s Chief Privacy Officer. Where the HO communicates to the Service Provider that it has received a request for access to Data, the Service Provider will, at its own expense, promptly locate and provide to the HO any and all responsive records in its possession and otherwise provide its reasonable cooperation and assistance to the HO in responding to the request; Accuracy and Correction of Personal Information. If under the Agreement the Service Provider engages in the collection, maintenance or updating of Personal Information or Records containing Personal Information, the Service Provider will make every reasonable effort to ensure the accuracy and completeness of such Personal Information generally and as required by FIPPA. If the HO directs the Service Provider to do so, the Service Provider will, in the manner specified by the HO, correct or annotate any Records that are created, maintained or held by the Service Provider under the Agreement. If so directed, the Service Provider will also be responsible for providing notice of the corrected or annotated information to any person(s) specified by the HO or who are entitled to receive such notice under FIPPA. 12. Foreign Disclosure and Storage The Service Provider will not permit the Records or any Personal Information to be transported or transmitted or disclosed to, or stored in, any jurisdiction other than Canada, unless such transport, transmission, disclosure or storage complies with this Schedule and the requirements of FIPPA and Applicable Law, and, in the case of: disclosure of Records or Personal Information to be stored outside of Canada, without prior written approval of the HO. Without limiting the generality of the foregoing the Service Provider will support the HO with completion of any PIA as may be required by FIPPA or Applicable Law in connection with the proposed disclosure of Personal Information to be stored outside of Canada. 13. Notice of Demands for Disclosure If the Service Provider or any member of the Personnel receives from a third party a request, demand, order, subpoena or other legal process for disclosure or production of the Data or Records, including a Conflicting Foreign Order, the Service Provider will immediately notify the HO’s Chief Privacy Officer, of the request, demand order, subpoena or other legal process, and, will not comply with it unless or until authorized by the HO. Notwithstanding the foregoing, the Service Provider does not breach this Agreement by complying with a requirement under Applicable Law, including an order or subpoena issued by a Canadian court or Canadian governmental authority, provided that the Service Provider has first complied with its notice obligations under this paragraph. The Service Provider is responsible to ensure that it obtains such contractual rights or makes other such arrangements with its Personnel or such other third parties to whom it may grant access to Personal Information as may be necessary to enable it to comply with the provisions of this section 13. 14. Privacy Representative and Chief Security Officer The Service Provider represents that it has appointed a Privacy Representative and Chief Security Officer, and that such person(s) have sufficient qualifications and authority to make decisions and execute documents and liaise with the HO on behalf of the Service Provider as may be required from time to time for the administration of and to ensure compliance with this Schedule. The Service Provider will notify the HO of the name of its Privacy Representative and Chief Security Officer and will notify the HO of any change of its Privacy Representative. 15. Notice of Compliance, Breach and Corrective Action Within three months of the end of each calendar year during the term of the Agreement, the Service Provider will deliver to the HO’s Chief Privacy Officer and Chief Security Officer, an annual compliance certificate signed by its Privacy Representative and its Chief Security Officer confirming that the Service Provider and all Personnel are in compliance with this Schedule and FIPPA. If the Service Provider is unable to provide a Compliance Certificate, then the Service Provider will substitute for the compliance certificate a notice setting out full particulars of all areas of non-compliance and its plan for rectification of such deficiencies. The Service Provider will, promptly and without unreasonable delay, provide HO’s Chief Privacy Officer and Chief Security Officer with written notice of any actual or anticipated Breach Incident, including full particulars of each such breach. In the event of a Breach Incident, the HO will have the right to require the Service Provider to immediately suspend or revoke, on a temporary or permanent basis, the right of access to any Records, Data or any network or System used to process Data by any one or more members of the Personnel; If a Breach Incident is attributable, directly or indirectly, to the acts or omissions of the Service Provider or its Personnel, the Service Provider will, at its own cost, co-operate fully with the HO in preventing the occurrence or recurrence of the Breach Incident, including, if requested to do so: by investigating the Breach Incident and preparing a written report identifying the causes of the incident and identifying the remedial actions it intends to implement in order to prevent further occurrences; working collaboratively with the HO regarding the incident investigation and response; promptly completing to the satisfaction of the HO all remediation required to address the current Breach Incident (and prevent similar Breach Incidents in the future) within such timelines as the HO may reasonably require; and taking all reasonable steps to mitigate any harms flowing from the Breach Incident, including by making best efforts to recover or obtain any Records or Data that have been acquired by unauthorized third parties contrary to FIPPA or this Schedule. All rights and remedies set out in this Schedule in the event of a Breach Incident are in addition to any rights or remedies available to the HO under the Agreement or otherwise at law, and the HO reserves the right to apply to court for injunctive relief or seek any other remedy available to it in the event of a Breach Incident. 16. Compliance Verification and Attestation The Service Provider acknowledges and agrees that certification with accreditation is the required method for the Service Provider to demonstrate its compliance with the Accepted Security Standards and Cloud Service Standards. The Service Provider must ensure that it maintains at all times current certification with accreditation for the compliance with the Accepted Security Standards and Cloud Service Standards. At the request of the HO, or at a minimum, annually, the Service Provider will provide the HO with evidence satisfactory to the HO, that the Service Provider is maintaining current certification with attestation for compliance with the Accepted Security Standards and Cloud Service Standards. If the Service Provider has not yet implemented certification with accreditation against the Accepted Security Standards or Cloud Service Standards, then it may pending accreditation and with the written approval of the HO, utilize the following alternate verification and attestation of compliance methods for the first ninety (90) Business Days following the Effective Date, or such longer period as the HO may authorize in writing: a SOC 2 Type II audit, conducted by an independent, accredited or otherwise reputable third-party auditor on the following terms; the SOC 2 Type II audit must be appropriately scoped and conducted against the relevant principles and requirements, while choosing an appropriate framework for assessing the CSP’s internal controls; the preferred control frameworks to be used when performing the SOC2 Type II audit are NIST SP 800-53, ISO/IEC 27002:2013, ISO/IEC 27017 or CSA CCM, as appropriate for the environment; Or for cloud implementations, by performing an annual Level 2 of CSA STAR Attestation as evidenced by a CSA audit report or letter from a CSA auditor, as may be defined on the CSA’s website at https://cloudsecurityalliance.org d) If the Service Provider is performing verification and attestation under paragraph (c) of this section 16, then, at the request of the HO, the Service Provider will provide the HO with evidence satisfactory to the HO that the Service Provider is maintaining verification and attestation in compliance with said paragraph (c). If an implementation period of longer than ninety (90) Business Days has been approved by the HO, then such evidence shall be provided on at least an annual basis. 17. Audit, Inspection, Investigation & Cooperation The Service Provider will permit the HO and/or its representatives and agents to conduct periodic audits related to performance by the Service Provider and the Personnel of the Service Provider’s obligations under this Schedule. The HO may, at any reasonable time and on reasonable notice to the Service Provider, enter on the Service Provider’s premises to inspect any Records in the possession of the Service Provider or any of the Service Provider’s information management policies or practices relevant to its management of the Data or Records or its compliance with this Schedule, and the Service Provider must permit, and provide reasonable assistance to, any such inspection or audit. The permitted scope of any such audit includes the right to review the Service Provider’s records of monitoring and enforcement of Personnel compliance with this Schedule. If the HO determines, in its sole discretion, that the Service Provider’s (or Personnel’s) compliance with any term of this Schedule cannot be validated by information furnished by the Service Provider, the HO may initiate an audit, which may be carried out by a third party industry recognized service provider on the HO’s behalf. Upon request by the HO, the Service Provider will, at its own cost, promptly provide copies of any Records in its possession or control to the HO or its designate; The Service Provider will, at its own cost, fully cooperate (including by providing access to Records and related documentation and information) with the HO in the event of any investigation, inquiry, complaint, claim, suit, action or other legal proceeding regarding any actual or alleged breach of FIPPA or this Schedule, including but not limited to a Breach Incident. 18. Default & Termination Notwithstanding anything in the Agreement to the contrary, the Service Provider agrees that a Material Breach of this Schedule will entitle the HO to terminate this Agreement immediately upon written notice. Without limiting the generality of the foregoing, the Service Provider agrees that in addition to any other legal rights or remedies the HO may have for a breach of this Schedule, the HO has the right to an injunction or other equitable relief in any court of competent jurisdiction enjoining a threatened, anticipated or actual breach of this Schedule or FIPPA by the Service Provider. 19. Change of Law & Amendment In the event of any change in the circumstances of either Party, Applicable Law, including FIPPA, or any foreign laws applicable to the Service Provider or the HO that would affect, in the reasonable opinion of the HO, (i) either party’s ability to perform its obligations under this Schedule, or (ii) the effectiveness or sufficiency of this Schedule in ensuring best practices and legal compliance in relation to privacy and data security, the HO will have the right to require the Service Provider to engage in negotiations to address any such issues by amendment to the Schedule or otherwise. If the Parties are unable to reach agreement or if the changes in law or circumstances cannot reasonably be addressed by agreement, then the HO may terminate the Agreement upon the provision of written notice to the Service Provider with effect on the date specified in such notice. The Service Provider will promptly notify the HO’s Chief Privacy Officer and Chief Security Officer, in writing of any fact or circumstance, including a change in law, which has, or may reasonably be expected to have, a material adverse impact on the Service Provider’s ability to fully comply with this Schedule. Upon receiving such notice, the HO may, at its option, terminate the Agreement upon the provision of written notice to the Service Provider with effect on the date specified in such notice. 20. No Withholding The Service Provider will not be entitled to, and hereby waives any and all right to, withhold any Records from the HO in order to enforce any alleged payment obligation or in connection with any dispute relating to the terms of the Agreement or any other matter between the HO and the Service Provider. 21. Return or Destruction of the Record Upon Request Except as otherwise specified in the Agreement, the Service Provider will retain the Data and Records until it is provided with a written direction from the HO regarding its return or destruction. Upon the expiry or earlier termination of the Agreement or, at any time upon the written request of the HO, the Service Provider will promptly and at its own cost, (i) return or deliver all Records, including any copies thereof, to the HO; or (ii) securely destroy, according to the HO’s instructions, all Data and Records, including any copies thereof, in any form or format whatsoever in the Service Provider’s possession constituting or based upon the Data and, upon the HO’s request, will provide a completed Certificate of Destruction in a form satisfactory to the HO. After a request is made under this section 21, the Service Provider will not retain or use any Records for any purpose without the prior written consent of the HO. If, for any reason, the Service Provider retains any Data or Records following the termination or expiry of the Agreement, the Service Provider’s obligations to protect and maintain the confidentiality and security of the Records and Data pursuant to this Schedule will continue in full force and effect. c) Unless otherwise directed by HO, if the Service Provider is directed or otherwise required by this Schedule to destroy Records, the Service Provider will ensure that the destruction occurs as follows: (i) Data erasure will be accomplished by software erasure or by physical destruction of the media; (ii) Software erasure and physical destruction will be at a minimum to NIST 800-88 standard, as updated, amended or replaced from time to time; (iii) physical destruction of paper media will occur by burning, cross-cut shredding, or pulping. The Service Provider will maintain records documenting all Record destruction. 22. General If a provision of this Schedule or the Agreement (including any direction given by the HO under this Schedule) conflicts with a requirement of FIPPA, the conflicting provision of the Schedule or Agreement (or direction) will be inoperative to the extent of the conflict. Unless otherwise expressly provided in the Agreement, if a provision of this Schedule is inconsistent or conflicts with a provision of the Agreement, the conflicting or inconsistent provision in the Agreement will be inoperative to the extent of the conflict. The Service Provider expressly acknowledges and agrees that this Schedule is binding on the Service Provider notwithstanding any Conflicting Foreign Order or the laws of any jurisdiction outside of Canada purporting to compel disclosure or production of the Records or otherwise conflicting with this Schedule and that it will comply with the provisions set out in section 13 of this Schedule. The Service Provider’s obligations under this Schedule will continue despite the expiry or earlier termination of the Agreement. Except as otherwise provided in this Schedule, no amendments to this Schedule will be effective unless made in writing and agreed to by the Parties. OROFRESH ENTERPRISES INC. Per: _______________________________________ Authorized Signatory Name: Title: | VANCOUVER COASTAL HEALTH AUTHORITY Per: ______________________________________ Authorized Signatory Name: Title: Contract Manager | Email Address | Phone # Nelson Tung | Nelson.tung@vch.ca | 604.983.6774 North Shore After Hours Phone #: | 604-986-7111 Service Provider Name: | Sharon Speirs Title: | Manager Tel: | 778.279.3634 Email: | sspeirs@thekey.com VCH Contract Manager Name: | Nelson Tung Title: | Program Manager Tel: | 604.989.0669 Email: | Nelson.tung@vch.ca VCH contact person | Email Sara Soroush | sara.soroush@vch.ca FPBS Manager | Email Sara Soroush | sara.soroush@vch.ca cc: Compliance@vch.ca Invoice Date: | Invoice Number: | Service date | Department/Unit worked | Job code* | Hours type code ** | Hours type code ** | Hours type code ** | Hours worked | Hourly rate | Wages (hrs x rate) | Expenses (travel, accommodation, mileage) $ - * Job Codes: | * Job Codes: | * Job Codes: Community Health Worker = CHW | Community Health Worker = CHW | Community Health Worker = CHW ** Hours type code | ** Hours type code Regular = R | Regular = R | Regular = R Statutory holidays = S | Statutory holidays = S THIS CERTIFICATE IS REQUESTED BY and ISSUED TO: COASTAL HEALTH AUTHORITY (“VCH”) | Agreement Identification: Service Provider: Orofresh Enterprises Inc. (dba The Key) Contract ID#: ID011393 Program: Home Support Surge – Coastal, North Shore Term: April 1, 2024 to March 31 2027 | Agreement Identification: Service Provider: Orofresh Enterprises Inc. (dba The Key) Contract ID#: ID011393 Program: Home Support Surge – Coastal, North Shore Term: April 1, 2024 to March 31 2027 VCH CONTACT PERSON NAME & TITLE Contract Management Office | EMAIL: compliance@vch.ca | EMAIL: compliance@vch.ca MAILING ADDRESS 9th Floor, 601 West Broadway, Vancouver, BC | MAILING ADDRESS 9th Floor, 601 West Broadway, Vancouver, BC | POSTAL CODE V5Z 4C2 SERVICE PROVIDER NAME Orofresh Enterprises Inc. (dba The Key) | SERVICE PROVIDER NAME Orofresh Enterprises Inc. (dba The Key) | SERVICE PROVIDER NAME Orofresh Enterprises Inc. (dba The Key) SERVICE PROVIDER ADDRESS 1861 Marine Drive, West Vancouver, BC | SERVICE PROVIDER ADDRESS 1861 Marine Drive, West Vancouver, BC | POSTAL CODE V7V 1J7 INSURED | NAME | NAME | NAME | NAME | NAME INSURED | ADDRESS | ADDRESS | ADDRESS | ADDRESS | POSTAL CODE OPERATIONS INSURED | PROVIDE DETAILS | PROVIDE DETAILS | PROVIDE DETAILS | PROVIDE DETAILS | PROVIDE DETAILS TYPE OF INSURANCE List each separately | TYPE OF INSURANCE List each separately | COMPANY NAME, POLICY NO. & BRIEF DESCRIPTION | EXPIRY DATE YYYY/MM/DD | LIMIT OF LIABILITY/AMOUNT | LIMIT OF LIABILITY/AMOUNT Commercial General Liability | Commercial General Liability | CGL policy includes VCH as an additional insured, is endorsed to provide VCH with 3o days advanced written notice of cancellation or material change, and includes a cross liability clause. AGENT OR BROKER COMMENTS: | AGENT OR BROKER COMMENTS: | AGENT OR BROKER COMMENTS: | AGENT OR BROKER COMMENTS: AGENT OR BROKER | ADDRESS | ADDRESS | PHONE NO ( ) SIGNED BY THE AGENT OR BROKER ON BEHALF OF THE ABOVE INSURER(S) | SIGNED BY THE AGENT OR BROKER ON BEHALF OF THE ABOVE INSURER(S) | DATE SIGNED | DATE SIGNED